Windows Analysis Report
SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe

Overview

General Information

Sample name: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Analysis ID: 1632574
MD5: 4864dd1c69d3fa10d608c2483be1219a
SHA1: 7cf739e0812972172cb321335aeb33cc527f08aa
SHA256: a56fc16a195fe09b8a210ce413f2519b52a13acc3709ce1528e616da0037506f
Tags: exe, user-SecuriteInfoCom

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Joe Sandbox ML detected suspicious sample
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Uses 32bit PE files

Classification

  • System is w10x64
  • SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe (PID: 7548 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe" MD5: 4864DD1C69D3FA10D608C2483BE1219A)
    • Extended-Training-Mode.exe (PID: 7980 cmdline: "C:\Users\user\AppData\Local\Temp\\Extended-Training-Mode.exe" MD5: D1B0632E0B415DADA059CD8917FF9096)
      • conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8040 cmdline: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • curl.exe (PID: 8056 cmdline: curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started | Author: Jonathan Cheong, oscd.community | Data: Command: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest, CommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\\Extended-Training-Mode.exe", ParentImage: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe, ParentProcessId: 7980, ParentProcessName: Extended-Training-Mode.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest, ProcessId: 8040, ProcessName: cmd.exe
Source: Process started | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger | Data: Command: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest, CommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\\Extended-Training-Mode.exe", ParentImage: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe, ParentProcessId: 7980, ParentProcessName: Extended-Training-Mode.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest, ProcessId: 8040, ProcessName: cmd.exe
No Suricata rule has matched


AV Detection

Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | ReversingLabs: Detection: 34%
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Virustotal: Detection: 40%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.4:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\Extended-Training-Mode-DLL.pdb | source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, Extended-Training-Mode-DLL.dll.6.dr, Extended-Training-Mode.exe.0.dr
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode.pdb | source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, Extended-Training-Mode.exe.0.dr
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode-Launcher.pdb)) | source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode-Launcher.pdb | source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Source: Joe Sandbox View | IP Address: 140.82.121.5 140.82.121.5
Source: Joe Sandbox View | JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edge HTTP/1.1; User-Agent: GitHubAPI; Host: api.github.com; Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest HTTP/1.1; Host: api.github.com; User-Agent: curl/7.83.1; Accept: */*
Source: global traffic | DNS traffic detected: DNS query: api.github.com
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: Resource name: EXE type: PE32 executable (console) Intel 80386, for MS Windows
Source: Extended-Training-Mode.exe.0.dr | Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal60.winEXE@8/5@1/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\bleeding-edge[1].jsonJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeFile created: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode-Launcher.logJump to behavior
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeReversingLabs: Detection: 34%
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeVirustotal: Detection: 40%
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeString found in binary or memory: \Extended-Training-Mode-Launcher.log
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeString found in binary or memory: https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/download/bleeding-edge/MBAACC-Extended-Training-Mode-Launcher.
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeString found in binary or memory: @Unknown exceptionbad array new lengthstring too longbad cast\Extended-Training-Mode-Launcher.loglog inited
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeString found in binary or memory: Downloaderhttps://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/download/bleeding-edge/MBAACC-Extended-Training-Mode-Launcher.exefailed to open updated file for writing
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeString found in binary or memory: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode-Launcher.pdb
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeString found in binary or memory: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode-Launcher.pdb))
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeProcess created: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe "C:\Users\user\AppData\Local\Temp\\Extended-Training-Mode.exe"
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeProcess created: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe "C:\Users\user\AppData\Local\Temp\\Extended-Training-Mode.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\curl.exe curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: msvcp140_atomic_wait.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exeSection loaded: icu.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\curl.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic file information: File size 12606976 > 1048576
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xbf1600
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\Extended-Training-Mode-DLL.pdb source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, Extended-Training-Mode-DLL.dll.6.dr, Extended-Training-Mode.exe.0.dr
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode.pdb source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, Extended-Training-Mode.exe.0.dr
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode-Launcher.pdb)) source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Source: Binary string: D:\a\MBAACC-Extended-Training-Mode\MBAACC-Extended-Training-Mode\Release\MBAACC-Extended-Training-Mode-Launcher.pdb source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: Extended-Training-Mode-DLL.dll.6.dr | Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | File created: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode-DLL.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | File created: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | Window / User API: threadDelayed 1446
Source: C:\Windows\System32\conhost.exe | Window / User API: threadDelayed 2918
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode-DLL.dll
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe TID: 7984 | Thread sleep time: -144600s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.00000000018BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.000000000185E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWH
Source: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.00000000018A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWL
Source: curl.exe, 00000009.00000003.1332636733.0000000002920000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll||
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\curl.exe curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | Code function: 0_2_0071D133 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0071D133
MITRE ATT&CK Matrix (listed per tactic; a leading number marks a technique that matched that many signatures):

Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information | Domain Properties
Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server | Botnet
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts | Replication Through Removable Media
Execution: 2 Command and Scripting Interpreter | Scheduled Task/Job | At | Cron | Launchd | Scheduled Task
Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts
Privilege Escalation: 11 Process Injection | 1 DLL Side-Loading | Logon Script (Windows) | Login Hook | Network Logon Script | RC Scripts
Defense Evasion: 1 Masquerading | 1 Virtualization/Sandbox Evasion | 11 Process Injection | 1 DLL Side-Loading | Software Packing | Steganography
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets | Cached Domain Credentials
Discovery: 1 System Time Discovery | 1 Security Software Discovery | 1 Virtualization/Sandbox Evasion | 1 Process Discovery | 1 Application Window Discovery | 2 System Information Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH | VNC
Collection: Data from Local System | Data from Removable Media | Data from Network Shared Drive | Input Capture | Keylogging | GUI Input Capture
Command and Control: 1 Encrypted Channel | 1 Ingress Tool Transfer | 2 Non-Application Layer Protocol | 3 Application Layer Protocol | Fallback Channels | Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer | Data Transfer Size Limits
Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact | Service Stop
Behavior Graph (ID: 1632574, Sample: SecuriteInfo.com.Variant.Zu..., Startdate: 08/03/2025, Architecture: WINDOWS, Score: 60):
Signatures on the run: Multi AV Scanner detection for submitted file; Sigma detected: Invoke-Obfuscation CLIP+ Launcher; Joe Sandbox ML detected suspicious sample; Sigma detected: Invoke-Obfuscation VAR+ Launcher
SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe started; contacts api.github.com (140.82.121.5, port 443, local ports 49715 and 49719, GITHUBUS, United States); drops C:\Users\user\...xtended-Training-Mode.exe (PE32); starts Extended-Training-Mode.exe
Extended-Training-Mode.exe drops C:\Users\...xtended-Training-Mode-DLL.dll (PE32); starts cmd.exe and conhost.exe
cmd.exe starts curl.exe; curl.exe connects to 127.0.0.1 (unknown unknown)
Source | Detection | Scanner | Label
SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | 34% | ReversingLabs | Win32.Infostealer.Tinba
SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | 40% | Virustotal |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\Extended-Training-Mode-DLL.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe | 4% | ReversingLabs |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://avatars.githubuserconten | 0% | Avira URL Cloud | safe
https://api.gi | 0% | Avira URL Cloud | safe
https://api.github.cT | 0% | Avira URL Cloud | safe
https://avatars.githubusercontent.c | 0% | Avira URL Cloud | safe
https://uploads.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assets | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.github.com | 140.82.121.5 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edge | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.github.com/users/fangdreth/gists | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/fangdreth/following | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://avatars.githubuserconten | Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/apps/github-actions | bleeding-edge[1].json.0.dr | false | | high
https://github.com/fangdreth/MBAACC-Ex | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest: | Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edgeInte | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe | false | | high
https://api.github.com/users/fangdreth | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/download/ | Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Extended-Training-Mode.exe, 00000006.00000002.3128017297.0000000000FCD000.00000002.00000001.01000000.00000006.sdmp, SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, Extended-Training-Mode-DLL.dll.6.dr, Extended-Training-Mode.exe.0.dr | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edges | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.000000000185E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778 | bleeding-edge[1].json.0.dr | false | | high
https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/download/bleeding-edge/MBAACC-Ex | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, bleeding-edge[1].json.0.dr | false | | high
https://api.github.com/users/github-actions%5Bbot%5D/repos | bleeding-edge[1].json.0.dr | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edgew | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.000000000185E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/github-actions%5Bbot%5D/orgs | bleeding-edge[1].json.0.dr | false | | high
https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/download/v2.0/README.md | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestapi.github.com | curl.exe, 00000009.00000003.1332636733.0000000002928000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1333359034.0000000002928000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/github-actions%5Bbot%5D/subscriptions | bleeding-edge[1].json.0.dr | false | | high
https://api.github.com/users/fangdreth/orgs | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/assets/233845108 | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp, bleeding-edge[1].json.0.dr | false | | high
https://api.github.com/users/fangdreth/starred | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/github-actions%5Bbot | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestT_ | curl.exe, 00000009.00000002.1333359034.0000000002910000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/github-actions%5Bbot%5D/gists | bleeding-edge[1].json.0.dr | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000003.1293871389.00000000018D4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000003.1293920829.0000000001912000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/fangdreth/subscriptions | curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestWinsta0 | curl.exe, 00000009.00000002.1333359034.0000000002910000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1333316600.0000000000820000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edgell | SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.000000000185E000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/zipball/v2.0 | Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.github.com/users/github-actions%5Bbot%5D | bleeding-edge[1].json.0.dr | false | | high
https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestb | Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                    https://api.github.com/users/fangdreth/received_eventscurl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://api.github.com/users/fangdreth/followerscurl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://api.github.com/users/github-actions%5Bbot%5D/followingbleeding-edge[1].json.0.drfalse
                                                                          high
                                                                          https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releasesExtended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Extended-Training-Mode.exe, 00000006.00000002.3128017297.0000000000FCD000.00000002.00000001.01000000.00000006.sdmp, SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, ConDrv.6.dr, Extended-Training-Mode-DLL.dll.6.dr, Extended-Training-Mode.exe.0.drfalse
                                                                            high
                                                                            https://api.giExtended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://api.github.com/users/github-actions%5Bbot%5D/followersbleeding-edge[1].json.0.drfalse
                                                                              high
                                                                              https://api.github.com/users/fangdreth/eventscurl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/zipball/bleeding-edgeSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp, bleeding-edge[1].json.0.drfalse
                                                                                  high
                                                                                  https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latesthttps://github.cExtended-Training-Mode.exe.0.drfalse
                                                                                    high
                                                                                    https://api.github.com/users/github-actions%5Bbot%5D/starredbleeding-edge[1].json.0.drfalse
                                                                                      high
                                                                                      https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/tag/bleeding-edgeSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp, bleeding-edge[1].json.0.drfalse
                                                                                        high
                                                                                        https://api.github.com/users/githukSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestcurlcurl.exe, 00000009.00000002.1333359034.0000000002910000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.1333316600.0000000000820000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://api.github.com/users/github-actions%5Bbot%5D/eventsbleeding-edge[1].json.0.drfalse
                                                                                              high
                                                                                              https://avatars.githubusercontent.com/u/61390904?v=4curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://api.github.com/users/github-actions%5Bbot%5D/received_eventsbleeding-edge[1].json.0.drfalse
                                                                                                  high
                                                                                                  https://avatars.githubusercontent.com/in/15368?v=4bleeding-edge[1].json.0.drfalse
                                                                                                    high
                                                                                                    https://uploads.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assetsSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp, bleeding-edge[1].json.0.drfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://avatars.githubusercontent.cSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    https://api.github.com/users/githuSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1300538691.00000000016F8000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest3Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assetsSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp, bleeding-edge[1].json.0.drfalse
                                                                                                          high
                                                                                                          https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/tarball/v2.0Extended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://api.github.com/ACSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.00000000018B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/fangdrethcurl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestC:Extended-Training-Mode.exe, 00000006.00000003.1338894696.00000000009C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://api.github.com/users/fangdreth/reposcurl.exe, 00000009.00000003.1332433747.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.0000000002986000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332247365.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332346140.000000000292C000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1331829355.000000000299F000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000003.1332104114.0000000002986000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/tarball/bleeding-edgeSecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301793351.0000000001913000.00000004.00000020.00020000.00000000.sdmp, bleeding-edge[1].json.0.drfalse
                                                                                                                      high
                                                                                                                      https://api.github.com/SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, 00000000.00000002.1301044423.00000000018B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://api.github.cTExtended-Training-Mode.exe, 00000006.00000002.3127576584.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
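The strings in this table are carved from process memory, so several are not URLs the sample ever requested: some were cut short ("https://api.gi", "https://avatars.githubusercontent.c", ".../users/githu") and others ran into whatever bytes followed them in memory (".../releases/latestWinsta0", ".../releases/latestC:"). The single row marked malicious = true is one of the truncated fragments. The following Python script is an added triage example, not part of the Joe Sandbox report or of the sampled software; it groups carved strings by host and leading path segments so trailing debris collapses into one destination, and flags a host or path that is a mid-token prefix of another observed value as a fragment. The ROWS list is transcribed from the table above with the memory-dump identifiers omitted and the long sample file name abbreviated to sample.exe (an abbreviation made here, not a name from the report). Strings whose host itself has fused bytes appended, such as "https://api.github.cT", are not caught by this check and still need a manual look.

```python
"""Triage of URL strings carved from process memory (added example).

Strings carved from memory dumps are noisy: a URL may be cut short
("https://api.gi") or run straight into unrelated bytes that followed it
in memory (".../releases/latestWinsta0").  Bucketing each string by host
plus its leading path segments absorbs trailing debris, and a host or
path that is a mid-token prefix of another observed value is flagged as
a truncated fragment rather than a destination in its own right.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Rows transcribed from the URL table in the report: (carved string,
# source processes/files, "malicious" column).  Memory-dump identifiers
# are omitted and the long sample file name is abbreviated to sample.exe.
ROWS = [
    ("https://api.github.com/users/github-actions%5Bbot", {"sample.exe"}, False),
    ("https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestT_", {"curl.exe"}, False),
    ("https://api.github.com/users/github-actions%5Bbot%5D/gists", {"bleeding-edge[1].json"}, False),
    ("https://api.github.com/repos/fangdreth/MBAACC-Extended", {"sample.exe"}, False),
    ("https://api.github.com/users/fangdreth/subscriptions", {"curl.exe"}, False),
    ("https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latestWinsta0", {"curl.exe"}, False),
    ("https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/zipball/v2.0", {"Extended-Training-Mode.exe", "curl.exe"}, False),
    ("https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases", {"Extended-Training-Mode.exe", "sample.exe"}, False),
    ("https://api.gi", {"Extended-Training-Mode.exe"}, True),
    ("https://avatars.githubusercontent.com/u/61390904?v=4", {"curl.exe"}, False),
    ("https://avatars.githubusercontent.c", {"sample.exe"}, False),
    ("https://uploads.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assets", {"sample.exe", "bleeding-edge[1].json"}, False),
    ("https://api.github.com/", {"sample.exe"}, False),
]

KEY_SEGMENTS = 3  # enough for /repos/<owner>/<repo> and /users/<name>/<endpoint>


def bucket_key(raw):
    """(host, leading path) for a carved string.  The query string and
    anything beyond the first KEY_SEGMENTS path segments are dropped, so
    trailing memory debris does not create a separate destination."""
    parts = urlsplit(raw)
    segments = [s for s in parts.path.split("/") if s][:KEY_SEGMENTS]
    return parts.netloc, "/" + "/".join(segments)


def is_truncated(value, others, boundary):
    """True when `value` is a proper prefix of another observed value and
    the cut falls inside a token: the string was carved short.  A cut at a
    `boundary` character ('.' for hosts, '/' for paths) is a legitimately
    shorter value, e.g. the API root "/" versus "/repos/...", and is kept."""
    for longer in others:
        if longer != value and longer.startswith(value):
            if value.endswith(boundary) or longer[len(value)] == boundary:
                continue
            return True
    return False


def triage(rows):
    """Group carved strings into destination buckets and mark fragments.
    Returns {(host, path): {"sources", "raw", "flagged",
    "host_truncated", "path_truncated"}}."""
    buckets = defaultdict(lambda: {"sources": set(), "raw": set(), "flagged": False})
    for raw, sources, flagged in rows:
        b = buckets[bucket_key(raw)]
        b["sources"] |= sources
        b["raw"].add(raw)
        b["flagged"] |= flagged  # any row in the bucket carried malicious = true
    hosts = {host for host, _ in buckets}
    for (host, path), b in buckets.items():
        same_host_paths = {p for h, p in buckets if h == host}
        b["host_truncated"] = is_truncated(host, hosts, ".")
        b["path_truncated"] = is_truncated(path, same_host_paths, "/")
    return dict(buckets)


def destinations(buckets):
    """Sorted (host, path) keys that survive triage: the real endpoints."""
    return sorted(k for k, b in buckets.items()
                  if not (b["host_truncated"] or b["path_truncated"]))


def fragments(buckets):
    """Sorted (host, path) keys that are carving debris, not endpoints."""
    return sorted(k for k, b in buckets.items()
                  if b["host_truncated"] or b["path_truncated"])


if __name__ == "__main__":
    result = triage(ROWS)
    for host, path in destinations(result):
        b = result[(host, path)]
        print(f"DEST     {host}{path}  sources={sorted(b['sources'])}")
    for host, path in fragments(result):
        print(f"FRAGMENT {host}{path}  raw={sorted(result[(host, path)]['raw'])}")
```

Run on the transcribed rows, every surviving destination is on api.github.com, github.com, uploads.github.com or avatars.githubusercontent.com and points at the fangdreth/MBAACC-Extended-Training-Mode repository or the fangdreth account, while the one row the report marks malicious collapses into the truncated host api.gi. The same caution applies to the infrastructure matches further down this page: 140.82.121.5 is api.github.com, so other samples that contacted it share only GitHub's hosting with this one, not an operator.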
IP | Domain | Country | ASN | ASN Name | Malicious
140.82.121.5 | api.github.com | United States | 36459 | GITHUBUS | false

IP
127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1632574
Start date and time: 2025-03-08 11:27:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Detection: MAL
Classification: mal60.winEXE@8/5@1/2
EGA Information: Failed
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps longer than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Excluded processes (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs (whitelisted): 23.199.214.10, 20.109.210.53
• Excluded domains (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Extended-Training-Mode.exe, PID 7980, because no executed functions were found
• Execution Graph export aborted for target SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe, PID 7548, because no executed functions were found
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big: too many NtOpenKeyEx calls found
• Report size getting too big: too many NtQueryValueKey calls found
                                                                                                                        No simulations
                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        140.82.121.5https://u1.tightlyreporter.shop/sosalkino.movGet hashmaliciousUnknownBrowse
                                                                                                                          http://kytelink.comGet hashmaliciousUnknownBrowse
                                                                                                                            https://github.com/Tautulli/Tautulli/releases/download/v2.15.1/Tautulli-windows-v2.15.1-x64.exeGet hashmaliciousUnknownBrowse
                                                                                                                              https://github.com/Berusol/Solara-V3/releases/tag/SetupGet hashmaliciousPureLog StealerBrowse
                                                                                                                                http://get-official-verified-badge-form-one.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                  SecuriteInfo.com.FileRepMalware.7131.28226.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    SecuriteInfo.com.Gen.Variant.Lazy.564550.16803.23255.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      na.elfGet hashmaliciousDeadBoltBrowse
                                                                                                                                        https://vinitk1509.github.io/NETFLIXGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          api.github.comhttps://u1.tightlyreporter.shop/sosalkino.movGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.6
                                                                                                                                          https://u1.tightlyreporter.shop/sosalkino.movGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.5
                                                                                                                                          http://kytelink.comGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.5
                                                                                                                                          https://github.com/Tautulli/Tautulli/releases/download/v2.15.1/Tautulli-windows-v2.15.1-x64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.6
                                                                                                                                          GUI.for.SingBox.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.6
                                                                                                                                          rclone.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.6
                                                                                                                                          https://github.com/Berusol/Solara-V3/releases/tag/SetupGet hashmaliciousPureLog StealerBrowse
                                                                                                                                          • 140.82.121.5
                                                                                                                                          http://get-official-verified-badge-form-one.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.5
                                                                                                                                          asB3nE8eVsGet hashmaliciousUnknownBrowse
                                                                                                                                          • 140.82.121.6
Match | Associated Sample Name / URL | Detection | Threat Name | Context
- | GITHUBUScombined.exe | malicious | Unknown | 140.82.121.4
- | https://live.dot.vu/p/dholcomb/landing-page-trends-report/ | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 140.82.121.3
- | guard.exe | malicious | Unknown | 140.82.121.4
- | http://debbierhoades.gamerealm24.com/ | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 140.82.121.3
- | https://hod.guedaib.ru/oh9Iwk/ | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 140.82.121.4
- | https://e4.axshddjc.ru/4k46sET/ | malicious | HTMLPhisher, Invisible JS | 140.82.116.4
- | https://e4.axshddjc.ru/4k46sET/ | malicious | HTMLPhisher, Invisible JS | 140.82.116.4
- | OPwuNqXuHv.exe | malicious | Unknown | 140.82.121.3
- | yjYJ8QncaF.exe | malicious | Fallen Miner, Xmrig | 140.82.121.4
Match | Associated Sample Name / URL | Detection | Threat Name | Context
- | 74954a0c86284d0d6e1c4efefe92b5211.exe | malicious | Unknown | 140.82.121.5
- | Dropper.exe | malicious | AsyncRAT, Trap Stealer, XWorm | 140.82.121.5
- | setup.exe | malicious | Unknown | 140.82.121.5
- | ggetokken.bat | malicious | Unknown | 140.82.121.5
- | hGlhyegaG6.exe | malicious | Unknown | 140.82.121.5
- | 1.exe | malicious | Unknown | 140.82.121.5
- | setup.msi | malicious | Unknown | 140.82.121.5
- | 5bf784.msi | malicious | Unknown | 140.82.121.5
- | 34.exe | malicious | Unknown | 140.82.121.5
37f463bf4616ecd445d4a1937da06e19 | Magic_V_pro_setup_stable_latest_release_version_9_709.exe | malicious | LummaC Stealer | 140.82.121.5
- | Magic_V_pro_setup_stable_latest_release_version_9_709.exe | malicious | LummaC Stealer | 140.82.121.5
- | 1.exe | malicious | Unknown | 140.82.121.5
- | 1.exe | malicious | Unknown | 140.82.121.5
- | BWllpq4Tel.exe | malicious | GuLoader | 140.82.121.5
- | uK5pfobYyD.exe | malicious | DarkCloud | 140.82.121.5
- | MNLS4PjscF.exe | malicious | GuLoader | 140.82.121.5
- | MNLS4PjscF.exe | malicious | GuLoader | 140.82.121.5
- | OW1i3n5K3s.exe | malicious | GuLoader, Snake Keylogger | 140.82.121.5
No context

Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
File Type:JSON data
Category:dropped
Size (bytes):3763
Entropy (8bit):5.136570058070298
Encrypted:false
SSDEEP:96:ouCAmQbHOt9LZ6CDC2JgOT4cvKQbHOt9LZ6CDC2Hi1O1Jn:0BVncBHR
MD5:1C86807B89E53B1FFFF7DA6AAFB7E038
SHA1:FDCE1540F3AA4187B6F5C9DB8AA441DB193A7865
SHA-256:570A3ECA33EC97AEF9BEDC2378265F09A711E1F02E3A2D55DFF2163183D411FD
SHA-512:A4F9B7E2349CE024B9B8C13DD96FBC355A6EDEBA6FC536AF15F01A8C0E6BF29D98C92DE511818D8AACED1D843D139D44040513A049F11A4151FFA84C7162A16F
Malicious:false
Reputation:low
Preview:{"url":"https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778","assets_url":"https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assets","upload_url":"https://uploads.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assets{?name,label}","html_url":"https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/tag/bleeding-edge","id":203206778,"author":{"login":"github-actions[bot]","id":41898282,"node_id":"MDM6Qm90NDE4OTgyODI=","avatar_url":"https://avatars.githubusercontent.com/in/15368?v=4","gravatar_id":"","url":"https://api.github.com/users/github-actions%5Bbot%5D","html_url":"https://github.com/apps/github-actions","followers_url":"https://api.github.com/users/github-actions%5Bbot%5D/followers","following_url":"https://api.github.com/users/github-actions%5Bbot%5D/following{/other_user}","gists_url":"https://api.github.com/users/github-actions%5Bbot%5D/gists{/gist_id}","starred_ur

Process:C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):11091968
Entropy (8bit):1.345063879261154
Encrypted:false
SSDEEP:49152:HiQk777QK94lyaUG+S0R/xYnYAAaz5qQ+ch4A8VN:Hi5TCxZIZ0YAACE
MD5:87F34FE4C1A4EA48EE3885D1AD0506EE
SHA1:8A4F49E8DDABF3A13EC61B96570A0427664FC247
SHA-256:7F38C81F9B5CD86AD0DD1F12389E12120FDC62B9233AC8D8B6280C041265BAE0
SHA-512:2E898E4B4C71853A9A6F01846BE8FEA96F2312B1D2644CE6D9B7F842F1BF54A26BFD099A6709D93C1B0CEFEAD02DA11058C84FB5603ABB550A29AE4E401B306D
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,..nh.p=h.p=h.p=a..=|.p=...=j.p=y.s<x.p=y.t<b.p=...=i.p=y.u<u.p=y.q<l.p=..q<e.p=h.q=s.p=..s<i.p=..y<e.p=...=i.p=h..=i.p=..r<i.p=Richh.p=................PE..L......g...........!...+.j...v.......*....................................................@..................................q..|........p..............................p...........................@...@...............X............................text....i.......j.................. ..`.rdata...............n..............@..@.data................|..............@..._RDATA...&...P...(..................@..@.rsrc....p.......r..................@..@.reloc...............2..............@..B

Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):104
Entropy (8bit):4.580003595441615
Encrypted:false
SSDEEP:3:RMkArWgzAfu2lGOvGKROUu2lHtQmGJePZFUEEZa:RwrFAm2lGR2lHytSZFUEEA
MD5:E3EED6966DCA3628B6F2CDC30E526597
SHA1:85B4EF9867BF5C6D3B34816C69A01BBE2911D75C
SHA-256:DE2BDE8A02FA3B1643724B80E8329BEBAD9705E7FE43AAB38975B2E59D2D464E
SHA-512:497CABCC3F57D12EB0164CEA3B88BD3471F780E517959E16F6225B20D355EF202AF35D4741B798B5FDCC72EB3B33E3084B3737A1A5581B684D9C7031C8AE3E04
Malicious:false
Reputation:low
Preview:log inited..release time: 1740918034..compile time: 1740918029..no update needed..exiting gracefully....

Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):12521984
Entropy (8bit):1.809668192566949
Encrypted:false
SSDEEP:49152:2haWdI61MiQk777QK94lyaUG+S0R/xYnYAAaz5qQ+ch4A8VNWdl:20WdI3i5TCxZIZ0YAACE
MD5:D1B0632E0B415DADA059CD8917FF9096
SHA1:138671DD6E05F6FEEED840449050687A393B66CB
SHA-256:7FB1A410AA73AD6B9E761BD3AD2910ABFF6D0FF3596DB412BFDDF09184F0C226
SHA-512:AD88229E70E2830E23D6F15F4592A8EE1F0A86C02872B0DAB24A692F9DB1D847E4CCC2280076CB4CD5C6F97ECA71F3FCDC9A0B44612859369B8B742B0E804B12
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........B.`z..`z..`z......`z...y..`z...~..`z......`z......`z...{..`z...{..`z..`{..az...s..`z.....`z..`...`z...x..`z.Rich.`z.........PE..L......g...............+............?.............@.......................................@.....................................|.......0B...................P..d...._..p...........................0_..@...............p............................text............................... ..`.rdata...&.......(..................@..@.data............P..................@....rsrc...0B.......D...<..............@..@.reloc..d....P......................@..B

Process:C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe
File Type:ASCII text, with CRLF line terminators, with escape sequences
Category:dropped
Size (bytes):748609
Entropy (8bit):3.499873853748294
Encrypted:false
SSDEEP:1536:8mmmmammmmmmmjmmmmmmmm8mmmmmmmm0mmmmmmmJmmmmmmOmmmmmmmSmmmmmmmzH:n
MD5:E87722538AB06182BD31B83C9EF68848
SHA1:C6BCB13F85C3ECE0A52A05AA3590BE1736EF45CE
SHA-256:5C4B5B5DB4B6A344E59A837190870E678508F450832E746CA7D7AB731F957856
SHA-512:8DEA85B934347046F51C00B471C820E82394C2247067C2D17D2D596C849771DE07DBC6DA07AAF56FA524BF423E3AE9D487369E8D0421D6D63C269427637146A1
Malicious:false
Preview:.]0;Extended Training v2.1.===========================================================================.[K..| Fang, gonp, and meepster99(Inana)'s Extended Training Mode Mod v2.1 |.[K..| |.[K..| https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases |.[K..| |.[K..===========================================================================.[K...[KLooking for MBAA.exe... .[K.[J===========================================================================.[K..| Fang, gonp, and meepster99(Inana)'s Extended Training Mode Mod v2.1 |.[K..| |.[K..| https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases |.[K..| |.[K..========================================================

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):1.8533786120072568
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
File size:12'606'976 bytes
MD5:4864dd1c69d3fa10d608c2483be1219a
SHA1:7cf739e0812972172cb321335aeb33cc527f08aa
SHA256:a56fc16a195fe09b8a210ce413f2519b52a13acc3709ce1528e616da0037506f
SHA512:f8710bdfa0a31a9958d957281d09c95a0af2238bb032ae19c506be1383a571544b92203d743eedb26162e6a988ff23d3972d6ad3b571fca18f0a2c85cb97cb53
SSDEEP:49152:ibahaWdI61MiQk777QK94lyaUG+S0R/xYnYAAaz5qQ+ch4A8VNWdl:30WdI3i5TCxZIZ0YAACE
TLSH:0BC65BD17302C4B6E18997F9F51DFBEA4228343A57E08CD3BAC1DF626A112CA5675F02
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}..'9.it9.it9.it0..t7.it(.ju;.it(.mu5.it(.lu".it(.hu=.itM.hu<.it9.ht..it..`u;.it...t8.it9..t8.it..ku8.itRich9.it........PE..L..
Icon Hash:90cececece8e8eb0
Entrypoint:0x40cb72
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x67C406C0 [Sun Mar 2 07:20:32 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:fec1b6a1f14ba582cb850c0df25a9440
Instruction (entrypoint preview):
call 00007F9801223A2Eh
jmp 00007F980122329Fh
push ebp
mov ebp, esp
and dword ptr [004158C0h], 00000000h
sub esp, 28h
or dword ptr [00415008h], 01h
push 0000000Ah
call dword ptr [0040E03Ch]
test eax, eax
je 00007F980122372Bh
push ebx
push esi
push edi
xor eax, eax
lea edi, dword ptr [ebp-28h]
xor ecx, ecx
push ebx
cpuid
mov esi, ebx
pop ebx
nop
mov dword ptr [edi], eax
mov dword ptr [edi+04h], esi
mov dword ptr [edi+08h], ecx
xor ecx, ecx
mov dword ptr [edi+0Ch], edx
mov eax, dword ptr [ebp-28h]
mov edi, dword ptr [ebp-24h]
mov dword ptr [ebp-04h], eax
xor edi, 756E6547h
mov eax, dword ptr [ebp-1Ch]
xor eax, 49656E69h
mov dword ptr [ebp-18h], eax
mov eax, dword ptr [ebp-20h]
xor eax, 6C65746Eh
mov dword ptr [ebp-14h], eax
xor eax, eax
inc eax
push ebx
cpuid
mov esi, ebx
pop ebx
nop
lea ebx, dword ptr [ebp-28h]
mov dword ptr [ebx], eax
mov eax, dword ptr [ebp-18h]
or eax, dword ptr [ebp-14h]
or eax, edi
mov dword ptr [ebx+04h], esi
mov dword ptr [ebx+08h], ecx
mov dword ptr [ebx+0Ch], edx
jne 00007F980122345Bh
mov eax, dword ptr [ebp-28h]
and eax, 0FFF3FF0h
cmp eax, 000106C0h
je 00007F9801223445h
cmp eax, 00020660h
je 00007F980122343Eh
cmp eax, 00020670h
je 00007F9801223437h
cmp eax, 00030650h
je 00007F9801223430h
cmp eax, 00030660h
je 00007F9801223429h
cmp eax, 00030670h
jne 00007F9801223429h
or dword ptr [000000C4h], 00000000h
Programming Language:
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
--- | --- | --- | ---
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1288c | 0xf0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0xbf1430 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc08000 | 0xaf4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x112d8 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x11218 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xe000 | 0x280 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
.text | 0x1000 | 0xcf47 | 0xd000 | 927b54b3fc83b0a3611a25212c36d31f | False | 0.5348745492788461 | data | 6.5122549354551245 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xe000 | 0x6134 | 0x6200 | 9c635844891549b437249de0ddc4c09c | False | 0.27841996173469385 | data | 5.351173852622964 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x15000 | 0x938 | 0x600 | c29096c00a15f63102686cdf80492068 | False | 0.24153645833333334 | data | 4.085658188114203 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x16000 | 0xbf1430 | 0xbf1600 | db4567eb8230c465347c2868bdfb7998 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc08000 | 0xaf4 | 0xc00 | 175bafe0b41ac8c3621ad94b453f6a95 | False | 0.76953125 | data | 6.27701941807933 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
--- | --- | --- | --- | --- | --- | ---
EXE | 0x160b0 | 0xbf1200 | PE32 executable (console) Intel 80386, for MS Windows | English | United States | 0.29232120513916016
RT_MANIFEST | 0xc072b0 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL imports:
• KERNEL32.dll: SizeofResource, OutputDebugStringA, GetModuleFileNameW, GetTempPathW, GetLastError, LockResource, DeleteFileW, LoadResource, FindResourceW, CreateProcessW, GetModuleHandleW, MoveFileW, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, UnhandledExceptionFilter
• MSVCP140.dll: ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z, ?id@?$ctype@D@std@@2V0locale@2@A, ?_Xlength_error@std@@YAXPBD@Z, ?id@?$collate@D@std@@2V0locale@2@A, _Strcoll, ?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z, ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, ?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD4@Z, ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z, ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ, ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ, ?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z, ?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z, ?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ, ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ, ?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z, ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ, ?getloc@ios_base@std@@QBE?AVlocale@2@XZ, ?good@ios_base@std@@QBE_NXZ, ??Bios_base@std@@QBE_NXZ, ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z, ?tolower@?$ctype@D@std@@QBEDD@Z, ?always_noconv@codecvt_base@std@@QBE_NXZ, ??1facet@locale@std@@MAE@XZ, ??0facet@locale@std@@IAE@I@Z, ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ, ?_Incref@facet@locale@std@@UAEXXZ, ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ, ??1_Locinfo@std@@QAE@XZ, ??0_Locinfo@std@@QAE@PBD@Z, ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z, ?_Xout_of_range@std@@YAXPBD@Z, ?_Id_cnt@id@locale@std@@0HA, ?_Xbad_alloc@std@@YAXXZ, ?uncaught_exception@std@@YA_NXZ, ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z, ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ, ??0_Lockit@std@@QAE@H@Z, ??1_Lockit@std@@QAE@XZ, _Strxfrm, ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
• WININET.dll: InternetCloseHandle, InternetReadFile, InternetOpenW, InternetOpenUrlW
• VCRUNTIME140.dll: _CxxThrowException, __current_exception, __current_exception_context, _except_handler4_common, memset, memcpy, __CxxFrameHandler3, __std_exception_destroy, __std_exception_copy, __std_terminate, strchr, memmove
• api-ms-win-crt-stdio-l1-1-0.dll: _set_fmode, fwrite, __stdio_common_vsprintf, __stdio_common_vfprintf, __p__commode, _get_stream_buffer_pointers, _fseeki64, fread, fclose, fflush, __acrt_iob_func, fsetpos, fputc, ungetc, setvbuf, fgetpos, fgetc
• api-ms-win-crt-heap-l1-1-0.dll: realloc, _callnewh, free, _set_new_mode, malloc
• api-ms-win-crt-time-l1-1-0.dll: _mktime64
• api-ms-win-crt-filesystem-l1-1-0.dll: _unlock_file, _lock_file
• api-ms-win-crt-runtime-l1-1-0.dll: _configure_narrow_argv, _initialize_narrow_environment, _get_narrow_winmain_command_line, _set_app_type, _seh_filter_exe, exit, _exit, _invalid_parameter_noinfo_noreturn, _cexit, _c_exit, _register_thread_local_exe_atexit_callback, _initterm, _initterm_e, terminate, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _controlfp_s
• api-ms-win-crt-math-l1-1-0.dll: __setusermatherr
• api-ms-win-crt-locale-l1-1-0.dll: _configthreadlocale
Language of compilation system | Country where language is spoken
--- | ---
English | United States


• Total Packets: 30
• 443 (HTTPS)
• 53 (DNS)
                                                                                                                                          Mar 8, 2025 11:28:51.426323891 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:51.429794073 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:51.472332001 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.156394005 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.169991016 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.170049906 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.170067072 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:52.170089006 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.170130968 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:52.170140028 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.173880100 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.173953056 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:52.173962116 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.180516958 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.180608988 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:52.180617094 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.180638075 CET44349719140.82.121.5192.168.2.4
                                                                                                                                          Mar 8, 2025 11:28:52.180706024 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:52.208219051 CET49719443192.168.2.4140.82.121.5
                                                                                                                                          Mar 8, 2025 11:28:52.208246946 CET44349719140.82.121.5192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 8, 2025 11:28:45.487421989 CET | 63542 | 53 | 192.168.2.4 | 1.1.1.1
Mar 8, 2025 11:28:45.495441914 CET | 53 | 63542 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 8, 2025 11:28:45.487421989 CET | 192.168.2.4 | 1.1.1.1 | 0x3a70 | Standard query (0) | api.github.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 8, 2025 11:28:45.495441914 CET | 1.1.1.1 | 192.168.2.4 | 0x3a70 | No error (0) | api.github.com | | 140.82.121.5 | A (IP address) | IN (0x0001) | false
                                                                                                                                          • api.github.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49715 | 140.82.121.5 | 443 | 7548 | C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-08 10:28:47 UTC | 161 | OUT
GET /repos/fangdreth/MBAACC-Extended-Training-Mode/releases/tags/bleeding-edge HTTP/1.1
User-Agent: GitHubAPI
Host: api.github.com
Cache-Control: no-cache

2025-03-08 10:28:48 UTC | 1308 | IN
HTTP/1.1 200 OK
Date: Sat, 08 Mar 2025 10:28:48 GMT
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=60, s-maxage=60
Vary: Accept,Accept-Encoding, Accept, X-Requested-With
ETag: W/"570a3eca33ec97aef9bedc2378265f09a711e1f02e3a2d55dff2163183d411fd"
Last-Modified: Sun, 02 Mar 2025 07:20:35 GMT
X-GitHub-Media-Type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'
Server: github.com
Accept-Ranges: bytes
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1741432772
X-RateLimit-Resource: core
X-RateLimit-Used: 3
Content-Length: 3763
X-GitHub-Request-Id: B6EC:2904DB:7F8983E:8378F9B:67CC1BDF
connection: close

2025-03-08 10:28:48 UTC | 62 | IN
Data Ascii: {"url":"https://api.github.com/repos/fangdreth/MBAACC-Extended

2025-03-08 10:28:48 UTC | 1370 | IN
Data Ascii: -Training-Mode/releases/203206778","assets_url":"https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/assets","upload_url":"https://uploads.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/203206778/asse

2025-03-08 10:28:48 UTC | 1370 | IN
Data Ascii: ttps://api.github.com/users/github-actions%5Bbot%5D/received_events","type":"Bot","user_view_type":"public","site_admin":false},"node_id":"RE_kwDOLuF3Vc4MHLB6","tag_name":"bleeding-edge","target_commitish":"main","name":"Bleeding Edge","draft":false,"prer

2025-03-08 10:28:48 UTC | 961 | IN
Data Ascii: "repos_url":"https://api.github.com/users/github-actions%5Bbot%5D/repos","events_url":"https://api.github.com/users/github-actions%5Bbot%5D/events{/privacy}","received_events_url":"https://api.github.com/users/github-actions%5Bbot%5D/received_events","typ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49719 | 140.82.121.5 | 443 | 8056 | C:\Windows\SysWOW64\curl.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-08 10:28:51 UTC | 139 | OUT
GET /repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest HTTP/1.1
Host: api.github.com
User-Agent: curl/7.83.1
Accept: */*

2025-03-08 10:28:52 UTC | 1308 | IN
HTTP/1.1 200 OK
Date: Sat, 08 Mar 2025 10:28:51 GMT
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=60, s-maxage=60
Vary: Accept,Accept-Encoding, Accept, X-Requested-With
ETag: W/"f45619b92d3471966920c43de4f9d09cecf5dc3b126dc145ab7ef1aa6c8c9aab"
Last-Modified: Sat, 05 Oct 2024 19:18:19 GMT
X-GitHub-Media-Type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'
Server: github.com
Accept-Ranges: bytes
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 56
X-RateLimit-Reset: 1741432772
X-RateLimit-Resource: core
X-RateLimit-Used: 4
Content-Length: 9473
X-GitHub-Request-Id: B6F4:1C8C98:7469228:7858406:67CC1BE3
connection: close

2025-03-08 10:28:52 UTC | 62 | IN
Data Ascii: { "url": "https://api.github.com/repos/fangdreth/MBAACC-Exte

2025-03-08 10:28:52 UTC | 1370 | IN
Data Ascii: nded-Training-Mode/releases/178534780", "assets_url": "https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/178534780/assets", "upload_url": "https://uploads.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/17

2025-03-08 10:28:52 UTC | 1370 | IN
Data Ascii: reth/received_events", "type": "User", "user_view_type": "public", "site_admin": false }, "node_id": "RE_kwDOLuF3Vc4KpDl8", "tag_name": "v2.0", "target_commitish": "main", "name": "v2.0", "draft": false, "prerelease": false, "c

2025-03-08 10:28:52 UTC | 1370 | IN
Data Ascii: rl": "https://api.github.com/users/fangdreth/orgs", "repos_url": "https://api.github.com/users/fangdreth/repos", "events_url": "https://api.github.com/users/fangdreth/events{/privacy}", "received_events_url": "https://api.github.co

2025-03-08 10:28:52 UTC | 1370 | IN
Data Ascii: ps://api.github.com/users/fangdreth/followers", "following_url": "https://api.github.com/users/fangdreth/following{/other_user}", "gists_url": "https://api.github.com/users/fangdreth/gists{/gist_id}", "starred_url": "https://api.gi

2025-03-08 10:28:52 UTC | 1370 | IN
Data Ascii: README.md", "label": null, "uploader": { "login": "fangdreth", "id": 61390904, "node_id": "MDQ6VXNlcjYxMzkwOTA0", "avatar_url": "https://avatars.githubusercontent.com/u/61390904?v=4", "gravatar_id": "",

2025-03-08 10:28:52 UTC | 1370 | IN
Data Ascii: "updated_at": "2024-10-05T18:50:23Z", "browser_download_url": "https://github.com/fangdreth/MBAACC-Extended-Training-Mode/releases/download/v2.0/README.md" } ], "tarball_url": "https://api.github.com/repos/fangdreth/MBAACC-Extended-Training

2025-03-08 10:28:52 UTC | 623 | IN
                                                                                                                                          Data Ascii: tkey\r\n\r\n+ More features to Enemy Reversals\r\n + Can be turned off without setting everything to NONE\r\n + Reversal out of shield\r\n + Reversal with a hotkey\r\n\r\n+ Custom RNG Controls\r\n + Pick a custom Seed or a specific RNG value\r\n + Ca
                                                                                                                                          2025-03-08 10:28:52 UTC568INData Raw: 6f 6c 69 64 20 63 6f 6c 6f 72 2e 20 20 55 73 65 66 75 6c 20 66 6f 72 20 63 68 72 6f 6d 61 20 6b 65 79 69 6e 67 5c 72 5c 6e 20 20 2b 20 44 69 73 61 62 6c 65 20 73 68 61 64 6f 77 73 5c 72 5c 6e 5c 72 5c 6e 2b 20 54 72 61 69 6e 69 6e 67 20 44 69 73 70 6c 61 79 5c 72 5c 6e 20 20 2b 20 49 6d 70 72 6f 76 65 64 20 74 68 65 20 61 63 63 75 72 61 63 79 20 6f 66 20 6d 65 74 65 72 20 62 75 69 6c 74 20 64 75 72 69 6e 67 20 61 20 63 6f 6d 62 6f 5c 72 5c 6e 5c 72 5c 6e 2b 20 4d 6f 72 65 20 63 68 61 72 61 63 74 65 72 20 73 70 65 63 69 66 69 63 20 63 6f 6e 74 72 6f 6c 73 5c 72 5c 6e 20 20 2b 20 46 4d 61 69 64 73 20 48 65 61 72 74 73 5c 72 5c 6e 20 20 2b 20 52 79 6f 75 67 69 20 4b 6e 69 66 65 5c 72 5c 6e 5c 72 5c 6e 2b 20 45 74 20 63 65 74 65 72 61 5c 72 5c 6e 20 20 2b 20
                                                                                                                                          Data Ascii: olid color. Useful for chroma keying\r\n + Disable shadows\r\n\r\n+ Training Display\r\n + Improved the accuracy of meter built during a combo\r\n\r\n+ More character specific controls\r\n + FMaids Hearts\r\n + Ryougi Knife\r\n\r\n+ Et cetera\r\n +


Target ID: 0
Start time: 05:28:44
Start date: 08/03/2025
Path: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.582702.20219.11785.exe"
Imagebase: 0x710000
File size: 12'606'976 bytes
MD5 hash: 4864DD1C69D3FA10D608C2483BE1219A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 6
Start time: 05:28:47
Start date: 08/03/2025
Path: C:\Users\user\AppData\Local\Temp\Extended-Training-Mode.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\\Extended-Training-Mode.exe"
Imagebase: 0xf30000
File size: 12'521'984 bytes
MD5 hash: D1B0632E0B415DADA059CD8917FF9096
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation: low
Has exited: false

Target ID: 7
Start time: 05:28:47
Start date: 08/03/2025
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff62fc20000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 8
Start time: 05:28:48
Start date: 08/03/2025
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\cmd.exe /c curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest
Imagebase: 0xc70000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 9
Start time: 05:28:48
Start date: 08/03/2025
Path: C:\Windows\SysWOW64\curl.exe
Wow64 process (32bit): true
Commandline: curl -s https://api.github.com/repos/fangdreth/MBAACC-Extended-Training-Mode/releases/latest
Imagebase: 0x850000
File size: 470'528 bytes
MD5 hash: 44E5BAEEE864F1E9EDBE3986246AB37A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true

Non-executed Functions

APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 0071D145
• GetCurrentThreadId.KERNEL32 ref: 0071D154
• GetCurrentProcessId.KERNEL32 ref: 0071D15D
• QueryPerformanceCounter.KERNEL32(?), ref: 0071D16A
Memory Dump Source
• Source File: 00000000.00000002.1298533227.0000000000711000.00000020.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.1298513992.0000000000710000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1298556708.000000000071E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1298581777.0000000000725000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1298600991.0000000000726000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1298600991.0000000000879000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1298600991.00000000012B1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_SecuriteInfo.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
• Opcode ID: ac8187eb9dbf13ad60949d67e13fd03365dd53fc86d24130ce17572ae093ad6e
• Instruction ID: 144abe3488332e796dc55b6644193271f9e8440d0bb810459b5cbce83a4d8854
• Opcode Fuzzy Hash: ac8187eb9dbf13ad60949d67e13fd03365dd53fc86d24130ce17572ae093ad6e
• Instruction Fuzzy Hash: 52F0A470C0020CEBCB00DBB4C6489CEB7F4EF1C200B618995E812E6150E678A7448B51

Non-executed Functions

APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 00FC085F
• GetCurrentThreadId.KERNEL32 ref: 00FC086E
• GetCurrentProcessId.KERNEL32 ref: 00FC0877
• QueryPerformanceCounter.KERNEL32(?), ref: 00FC0884
Memory Dump Source
• Source File: 00000006.00000002.3127887499.0000000000F31000.00000020.00000001.01000000.00000006.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000006.00000002.3127844563.0000000000F30000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000006.00000002.3128017297.0000000000FCD000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000006.00000002.3128101482.0000000001000000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000006.00000002.3128160129.0000000001084000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000006.00000002.3128160129.00000000010CE000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000006.00000002.3128240476.00000000010D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000006.00000002.3128240476.0000000001B07000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_f30000_Extended-Training-Mode.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
• Opcode ID: 63c19ac3691d4c0e76940e45655c321cd8b4d77ec7729dcbd09e24d7ececc9e9
• Instruction ID: f87041f696bcc67ac66d25a1d36a848c4d36ea4707eaad8b2e7166930031d6fc
• Opcode Fuzzy Hash: 63c19ac3691d4c0e76940e45655c321cd8b4d77ec7729dcbd09e24d7ececc9e9
• Instruction Fuzzy Hash: 8DF06274D5020DEBCB00DBB8DA4999EBBF4FF1C204F9145A5E412F7114E730AB499B50