Field | Value
---|---
File name | allegato_708.js
Full analysis | https://app.any.run/tasks/a886894d-8ae4-4d59-a990-b59536885da8
Verdict | Malicious activity
Threats | Danabot is an advanced banking Trojan designed to steal financial information from victims. Among the Trojans in the wild it is one of the most advanced, thanks to its modular design and complex delivery method.
Analysis date | February 14, 2024, 22:37:03
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | text/plain
File info | ASCII text, with very long lines (5558), with no line terminators
MD5 | 5DAF53BF848BB4CDA008A655BDECF425
SHA1 | 422EDA5A133D4BD324C634F113639A57C38BB552
SHA256 | 847B4AD90B1DABA2D9117A8E05776F3F902DDA593FB1252289538ACF476C4268
SSDEEP | 96:j1Xp6Fi8ComWlyo5kxb2mRWcxHnLVRmqq4mAP0JEp7USUO5ip5iW33KlKXFd18eH:D6FismQVmamRVHLVwtKP8KK6uGiut3W
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3672 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\allegato_708.js" | C:\Windows\System32\wscript.exe | | explorer.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Version: 5.8.7600.16385
3304 | "C:\Windows\System32\rundll32.exe" /B C:\Users\admin\AppData\Local\Temp\JffleeTicl.dll,start | C:\Windows\System32\rundll32.exe | | wscript.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255)
DanaBot configuration extracted from PID 3304 (rundll32.exe): C2 (3): 195.133.88.98:443, 62.173.146.41:443, 31.41.244.38:443; Attributes (218); Certificates (29). A second extracted copy of the configuration from the same process lists C2 (0), Attributes (217) and Certificates (29).
3940 | schtasks /End /tn \Microsoft\Windows\Wininet\CacheTask | C:\Windows\System32\schtasks.exe | — | rundll32.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2756 | schtasks /Run /tn \Microsoft\Windows\Wininet\CacheTask | C:\Windows\System32\schtasks.exe | — | rundll32.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2064 | "taskhost.exe" | C:\Windows\System32\taskhost.exe | | services.exe
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Tasks; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | write | 1
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | write | 1
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | write | 1
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | write | 0
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | write | 0
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer | delete value | —
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride | delete value | —
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL | delete value | —
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect | delete value | —
3672 | wscript.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | write | 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
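The registry writes above are the ones an analyst usually asks about: are they the script disabling a proxy, or just WinINet housekeeping? WinINet normalises the ZoneMap and proxy keys itself the first time a process uses it, so these entries show up in many sandbox reports regardless of the sample's intent; what settles the question is the content of SavedLegacySettings. The following Python is an added example, not part of the ANY.RUN report, that decodes the documented prefix of that value. The constant is the first 64 bytes of the blob from the table, with the long run of trailing zero padding dropped; the layout assumed (DWORD version 0x46, DWORD change counter, DWORD of WinINet INTERNET_PER_CONN_FLAGS bits, then three length-prefixed ANSI strings for proxy server, bypass list and PAC URL) is the known WinINet connection-settings format, and the bytes after the three strings are deliberately left undecoded. The companion encoder exists only so the parser can be checked against a proxy-enabled blob.

```python
import struct
from typing import Dict

# Bits of the flags DWORD, matching WinINet's INTERNET_PER_CONN_FLAGS values.
PROXY_TYPE_DIRECT = 0x01
PROXY_TYPE_PROXY = 0x02
PROXY_TYPE_AUTO_PROXY_URL = 0x04
PROXY_TYPE_AUTO_DETECT = 0x08
FLAG_NAMES = {
    PROXY_TYPE_DIRECT: "PROXY_TYPE_DIRECT",
    PROXY_TYPE_PROXY: "PROXY_TYPE_PROXY",
    PROXY_TYPE_AUTO_PROXY_URL: "PROXY_TYPE_AUTO_PROXY_URL",
    PROXY_TYPE_AUTO_DETECT: "PROXY_TYPE_AUTO_DETECT",
}

# Header of the SavedLegacySettings value written by PID 3672, transcribed from the
# registry table above; the trailing zero padding of the real value is omitted here.
SAVED_LEGACY_SETTINGS_HEX = (
    "46000000" "5C010000" "09000000"           # version 0x46, counter, flags
    "00000000" "00000000" "00000000"           # three zero-length strings
    "04000000" "00000000" "C0E333BBEAB1D301"   # undocumented trailing data
    "00000000" "00000000" "00000000"
    "01000000" "02000000" "C0A8016B"
)


def parse_connection_settings(blob: bytes) -> Dict[str, object]:
    """Decode the documented prefix of a WinINet connection-settings blob.

    Layout: DWORD version, DWORD change counter, DWORD flags, then three
    length-prefixed ANSI strings (proxy server, bypass list, PAC/autoconfig URL).
    Anything after the strings is reported only as a byte count.
    """
    if len(blob) < 12:
        raise ValueError("blob too short for version/counter/flags header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    offset = 12
    strings: Dict[str, str] = {}
    for field in ("proxy_server", "proxy_bypass", "autoconfig_url"):
        if offset + 4 > len(blob):
            raise ValueError(f"truncated before length of {field}")
        (length,) = struct.unpack_from("<I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError(f"{field} length {length} runs past end of blob")
        strings[field] = blob[offset:offset + length].decode("ascii", errors="replace")
        offset += length
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "flag_names": [name for bit, name in FLAG_NAMES.items() if flags & bit],
        **strings,
        "trailing_bytes": len(blob) - offset,
    }


def build_connection_settings(flags: int, proxy: str, bypass: str, pac_url: str,
                              counter: int = 1) -> bytes:
    """Encode a blob in the same layout (used to exercise the parser on a proxy case)."""
    out = struct.pack("<III", 0x46, counter, flags)
    for text in (proxy, bypass, pac_url):
        data = text.encode("ascii")
        out += struct.pack("<I", len(data)) + data
    return out


def proxy_tamper_verdict(settings: Dict[str, object]) -> str:
    """State whether the blob routes traffic through a proxy or a PAC script."""
    flags = int(settings["flags"])
    if flags & PROXY_TYPE_PROXY and settings["proxy_server"]:
        bypass = settings["proxy_bypass"] or "none"
        return f"explicit proxy set: {settings['proxy_server']} (bypass: {bypass})"
    if flags & PROXY_TYPE_AUTO_PROXY_URL and settings["autoconfig_url"]:
        return f"PAC/autoconfig URL set: {settings['autoconfig_url']}"
    return "direct connection: no proxy server or PAC URL configured"


if __name__ == "__main__":
    parsed = parse_connection_settings(bytes.fromhex(SAVED_LEGACY_SETTINGS_HEX))
    for key, value in parsed.items():
        print(f"{key:>15}: {value}")
    print(proxy_tamper_verdict(parsed))
```

For the sample's value the decode gives flags 0x09 (PROXY_TYPE_DIRECT | PROXY_TYPE_AUTO_DETECT) with empty proxy, bypass and PAC strings, which matches the ProxyEnable=0 write and the deleted ProxyServer/AutoConfigURL values: the script did not install a proxy or PAC hijack. Treat a non-empty proxy_server or autoconfig_url pointing at an unfamiliar host as the actual tampering signal.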
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\tmp4C17.tmp | — | — | —
3304 | rundll32.exe | C:\Users\admin\Desktop\tmp.edb | — | — | —
3672 | wscript.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\resources[1].dll | executable | E758E07113016ACA55D9EDA2B0FFEEBE | 2597322A49A6252445CA4C8D713320B238113B3B8FD8A2D6FC1088A5934CEE0E
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\Hassfeo | sqlite | 49E1E66E8EEFE2553D2ECEC4B7EF1D3E | A664C359ACE3BFC149323E5403BB7140A84519043BDBA59B064EBC1BDADD32D4
3672 | wscript.exe | C:\Users\admin\AppData\Local\Temp\JffleeTicl.dll | executable | E758E07113016ACA55D9EDA2B0FFEEBE | 2597322A49A6252445CA4C8D713320B238113B3B8FD8A2D6FC1088A5934CEE0E
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\Etwsewrq-shm | binary | B7C14EC6110FA820CA6B65F5AEC85911 | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\Eqtthwte | sqlite | 46A7758AC3C84B687720253442F2EADE | 71304D0BF373897D5A1942765036B52A8E4D4E52F707355E2F8188A3E0780FC0
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\Fhfsey | binary | F47EB60CDF981C17722D0CE740129927 | 0210071DF12CA42D70DCB679926668AE072264705AC139A24F94BBC5A129DD8F
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\Etwsewrq | binary | 23D08A78BC908C0B29E9800D3D5614E7 | F6BD7DF5DFAE9FD88811A807DBA14085E00C1B5A6D7CC3D06CC68F6015363D59
3304 | rundll32.exe | C:\Users\admin\AppData\Local\Temp\Wetaqdstiepypar | sqlite | F47EB60CDF981C17722D0CE740129927 | 0210071DF12CA42D70DCB679926668AE072264705AC139A24F94BBC5A129DD8F
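The file table carries more than a list of hashes: the same SHA256 appears once under the WinINet cache (Content.IE5\...\resources[1].dll) and once as Temp\JffleeTicl.dll, both written by wscript.exe, which is the on-disk trace of a script downloading a DLL through WinINet and saving a copy it can hand to rundll32.exe; the rundll32 process then writes several SQLite files, one of them with a SQLite "-shm" sibling. The Python below is an added triage example, not part of the ANY.RUN report, that pulls those correlations out of the rows as transcribed above. The script-host list and the "stealer staging" reading of the SQLite drops are assumptions for illustration, not something the report states.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DroppedFile:
    pid: int
    process: str
    path: str
    ftype: str
    md5: Optional[str]
    sha256: Optional[str]


TEMP = r"C:\Users\admin\AppData\Local\Temp"
CACHE = r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2"
SHA_DLL = "2597322A49A6252445CA4C8D713320B238113B3B8FD8A2D6FC1088A5934CEE0E"
SHA_DUP = "0210071DF12CA42D70DCB679926668AE072264705AC139A24F94BBC5A129DD8F"

# Rows transcribed from the file table above (hashes for the non-duplicated files omitted
# where the table shows none).
DROPS: List[DroppedFile] = [
    DroppedFile(3304, "rundll32.exe", TEMP + r"\tmp4C17.tmp", "", None, None),
    DroppedFile(3304, "rundll32.exe", r"C:\Users\admin\Desktop\tmp.edb", "", None, None),
    DroppedFile(3672, "wscript.exe", CACHE + r"\resources[1].dll", "executable",
                "E758E07113016ACA55D9EDA2B0FFEEBE", SHA_DLL),
    DroppedFile(3304, "rundll32.exe", TEMP + r"\Hassfeo", "sqlite", "49E1E66E8EEFE2553D2ECEC4B7EF1D3E",
                "A664C359ACE3BFC149323E5403BB7140A84519043BDBA59B064EBC1BDADD32D4"),
    DroppedFile(3672, "wscript.exe", TEMP + r"\JffleeTicl.dll", "executable",
                "E758E07113016ACA55D9EDA2B0FFEEBE", SHA_DLL),
    DroppedFile(3304, "rundll32.exe", TEMP + r"\Etwsewrq-shm", "binary", "B7C14EC6110FA820CA6B65F5AEC85911",
                "FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB"),
    DroppedFile(3304, "rundll32.exe", TEMP + r"\Eqtthwte", "sqlite", "46A7758AC3C84B687720253442F2EADE",
                "71304D0BF373897D5A1942765036B52A8E4D4E52F707355E2F8188A3E0780FC0"),
    DroppedFile(3304, "rundll32.exe", TEMP + r"\Fhfsey", "binary", "F47EB60CDF981C17722D0CE740129927", SHA_DUP),
    DroppedFile(3304, "rundll32.exe", TEMP + r"\Etwsewrq", "binary", "23D08A78BC908C0B29E9800D3D5614E7",
                "F6BD7DF5DFAE9FD88811A807DBA14085E00C1B5A6D7CC3D06CC68F6015363D59"),
    DroppedFile(3304, "rundll32.exe", TEMP + r"\Wetaqdstiepypar", "sqlite", "F47EB60CDF981C17722D0CE740129927", SHA_DUP),
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}  # assumed list
IE_CACHE_MARKER = "\\content.ie5\\"


def group_by_sha256(drops: List[DroppedFile]) -> Dict[str, List[str]]:
    """SHA256 -> paths, keeping only hashes written to more than one location."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for d in drops:
        if d.sha256:
            groups[d.sha256].append(d.path)
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


def downloaded_then_materialized(drops: List[DroppedFile]) -> List[Tuple[str, str, List[str]]]:
    """Same content in the WinINet cache and outside it: fetched over HTTP, then written where it can be loaded."""
    hits = []
    for sha, paths in group_by_sha256(drops).items():
        cached = [p for p in paths if IE_CACHE_MARKER in p.lower()]
        elsewhere = [p for p in paths if IE_CACHE_MARKER not in p.lower()]
        if cached and elsewhere:
            hits.append((sha, cached[0], elsewhere))
    return hits


def script_host_wrote_executable(drops: List[DroppedFile]) -> List[DroppedFile]:
    """PE files written by a script host to anywhere except its own browser cache."""
    return [d for d in drops if d.process.lower() in SCRIPT_HOSTS
            and d.ftype == "executable" and IE_CACHE_MARKER not in d.path.lower()]


def sqlite_wal_siblings(drops: List[DroppedFile]) -> List[str]:
    """Base files that have a SQLite -shm or -wal sibling, i.e. were opened by SQLite in WAL mode."""
    paths = {d.path for d in drops}
    bases = {d.path[:-4] for d in drops if d.path.endswith(("-shm", "-wal")) and d.path[:-4] in paths}
    return sorted(bases)


def triage(drops: List[DroppedFile]) -> List[str]:
    findings = []
    for sha, cached, elsewhere in downloaded_then_materialized(drops):
        findings.append(f"payload {sha[:12]}... cached at {cached} and written to {', '.join(elsewhere)}")
    for d in script_host_wrote_executable(drops):
        findings.append(f"{d.process} (PID {d.pid}) wrote executable {d.path}")
    sqlite_by_proc: Dict[Tuple[int, str], int] = defaultdict(int)
    for d in drops:
        if d.ftype == "sqlite":
            sqlite_by_proc[(d.pid, d.process)] += 1
    for (pid, proc), n in sqlite_by_proc.items():
        findings.append(f"{proc} (PID {pid}) wrote {n} SQLite files to Temp (stealer staging of browser databases is one reading; inspect them)")
    for base in sqlite_wal_siblings(drops):
        findings.append(f"{base} has a -shm sibling: opened by SQLite in WAL mode, so it is a live database, not an opaque blob")
    return findings


if __name__ == "__main__":
    for line in triage(DROPS):
        print(line)
```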
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3672 | wscript.exe | GET | 200 | 188.114.96.3:80 | http://soundata.top/resources.dll | unknown | executable | 11.3 MB | — |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | unknown |
4 | System | 192.168.100.255:137 | — | — | — | unknown |
3672 | wscript.exe | 188.114.96.3:80 | soundata.top | CLOUDFLARENET | NL | unknown |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
3304 | rundll32.exe | 62.173.146.41:443 | — | Internet-Cosmos LLC | RU | unknown |
3304 | rundll32.exe | 195.133.88.98:443 | — | Global Internet Solutions LLC | AT | unknown |
3304 | rundll32.exe | 91.201.67.85:443 | — | Melbikomas UAB | IT | unknown |
Domain | IP | Reputation |
---|---|---|
soundata.top | 188.114.96.3 | unknown |
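Two things in the network tables matter for containment. The only HTTP request is a cleartext GET of an 11.3 MB PE from a .top domain by a script host, which is what the ET signatures below key on; the C2 traffic, by contrast, goes from rundll32.exe straight to three external IPs on 443 with no domain in the connection table, so DNS sinkholing or domain blocklists would never have touched it. The Python below is an added example, not part of the ANY.RUN report, that applies those two checks to the rows transcribed from the tables and emits the IOC set; the suspicious-TLD list, the script-host list and the PE extension list are illustrative assumptions, and the private/multicast filtering relies on the standard ipaddress module.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Rows transcribed from the HTTP request and connection tables above.
HTTP_REQUESTS = [
    {"pid": 3672, "process": "wscript.exe", "method": "GET", "status": 200,
     "ip": "188.114.96.3", "port": 80, "url": "http://soundata.top/resources.dll",
     "content": "executable", "size_mb": 11.3},
]
# (pid, process, remote ip, remote port, resolved domain or None)
CONNECTIONS: List[Tuple[int, str, str, int, Optional[str]]] = [
    (4, "System", "192.168.100.255", 138, None),
    (4, "System", "192.168.100.255", 137, None),
    (3672, "wscript.exe", "188.114.96.3", 80, "soundata.top"),
    (1080, "svchost.exe", "224.0.0.252", 5355, None),
    (3304, "rundll32.exe", "62.173.146.41", 443, None),
    (3304, "rundll32.exe", "195.133.88.98", 443, None),
    (3304, "rundll32.exe", "91.201.67.85", 443, None),
]

SUSPICIOUS_TLDS = {"top"}                     # assumed; the ET rules above key on *.top
PE_EXTENSIONS = {".dll", ".exe", ".scr", ".cpl"}  # assumed list of PE-carrying extensions
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}  # assumed


def is_external(ip: str) -> bool:
    """True for routable addresses; drops broadcast/LLMNR/private noise such as the System and svchost rows."""
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified)


def classify_http(req: Dict[str, object]) -> List[str]:
    """Reasons an HTTP request row deserves attention (empty list means nothing flagged)."""
    u = urlparse(str(req["url"]))
    host = (u.hostname or "").lower()
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    filename = u.path.rsplit("/", 1)[-1]
    reasons = []
    if u.scheme == "http" and req["content"] == "executable":
        reasons.append("PE downloaded over cleartext HTTP")
    if tld in SUSPICIOUS_TLDS:
        reasons.append(f"abused TLD .{tld}")
    if any(filename.lower().endswith(ext) for ext in PE_EXTENSIONS) \
            and str(req["process"]).lower() in SCRIPT_HOSTS:
        reasons.append(f"script host {req['process']} fetched {filename}")
    return reasons


def direct_to_ip_tls(conns) -> List[Tuple[str, int, str]]:
    """External 443 connections with no resolved name: invisible to DNS-based blocking."""
    return [(ip, port, proc) for _pid, proc, ip, port, name in conns
            if name is None and port == 443 and is_external(ip)]


def extract_iocs(reqs, conns) -> Dict[str, List[str]]:
    """Block-list material: domains, external IPs and full URLs, deduplicated and sorted."""
    domains, ips, urls = set(), set(), set()
    for r in reqs:
        urls.add(str(r["url"]))
        host = urlparse(str(r["url"])).hostname
        if host:
            domains.add(host)
    for _pid, _proc, ip, _port, name in conns:
        if is_external(ip):
            ips.add(ip)
            if name:
                domains.add(name)
    return {"domains": sorted(domains), "ips": sorted(ips), "urls": sorted(urls)}


if __name__ == "__main__":
    for r in HTTP_REQUESTS:
        print(r["url"], "->", "; ".join(classify_http(r)) or "nothing flagged")
    for ip, port, proc in direct_to_ip_tls(CONNECTIONS):
        print(f"direct-to-IP TLS: {proc} -> {ip}:{port}")
    print(extract_iocs(HTTP_REQUESTS, CONNECTIONS))
```

The direct-to-IP list is the part worth feeding to egress controls: a proxy that only permits outbound 443 to resolvable names, or an allow-list on the firewall, would have blocked all three C2 connections here while the .top download would have been caught by the HTTP checks.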
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
— | — | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
— | — | A Network Trojan was detected | ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 |
— | — | Misc activity | ET HUNTING Possible EXE Download From Suspicious TLD |
— | — | Malware Command and Control Activity Detected | STEALER [ANY.RUN] Danabot |
— | — | Malware Command and Control Activity Detected | STEALER [ANY.RUN] Danabot |