sectigo.com/COMODOTimeStampingCA_2.crt0
sectigo.com/COMODOTimeStampingCA_2.crl0
com/COMODORSACertificationAuthority.crl0
bullzip.com/download/gsl2760/gslite.exe
Accept: */*
User-Agent: IS Download DLL
Host: cdn.b
Connection: Keep-Alive
Cache-Control: no-cache
DNS traffic detected: queries for:
Urls found in memory or binary data
HTTP traffic detected: GET /download/gsl2760/gslite.exe HTTP/1.1
Accept: */*
User-Agent: IS Download DLL
Host:
Connection: Keep-Alive
Cache-Control: no-cache
HTTP traffic detected: GET /products/pdf/mirror/?type=gsl&framework=4.0&version=11. tmp
Code function: 2_2_004D4A44 FindFirstFileW,FindNextFileW,FindClose,
Code function: 2_2_004ACF2C FindFirstFileW,GetLastError,
Code function: 2_2_00408174 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,
Code function: 2_2_004C0858 SetErrorMode,FindFirstFileW,FindNextFileW,FindClose,SetErrorMode,
Code function: 2_2_004C0D14 SetErrorMode,FindFirstFileW,FindNextFileW,FindClose,SetErrorMode,
Code function: 2_2_004FDA8C FindFirstFileW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,
Code function: 2_2_004BF0D4 FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Temp\is-G606C.tmp\Setup_BullzipPDFPrinter_11_10_0_2761_PRO_EXP.
Source: C:\Users\user\Desktop\Setup_BullzipPDFPrinter_11_10_0_2761_PRO_EXP.exe
Code function: 0_2_00405BEC GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,
Standard Non-Application Layer Protocol 2
Exfiltration Over Command and Control Channel
Contains functionality to enumerate / list files inside a directory