Source: unknown |
TCP traffic detected without corresponding DNS query: 193.233.132.226 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 5.42.66.10 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.253/lumma2104.exe |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006484000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2891814780.000000000016F000.00000004.00000010.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006463000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://5.42.66.10/download/th/Retailer_prog.exe |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006484000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://5.42.66.10/download/th/Retailer_prog.exe( |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006463000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://5.42.66.10/download/th/Retailer_prog.exe845-4e4c-bd18-02b67a |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: j1zkOQTx4q.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: j1zkOQTx4q.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: j1zkOQTx4q.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2891954895.0000000000515000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.winimage.com/zLibDll |
Source: j1zkOQTx4q.exe, 00000000.00000002.2891954895.0000000000515000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.winimage.com/zLibDllDpRTpR |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.129.152.220 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.129.152.220e |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=102.129.152.220 |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.000000000176A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.000000000179A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2891954895.0000000000515000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.000000000179A000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001770000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.129.152.220 |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.000000000179A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/102.129.152.220 |
Source: j1zkOQTx4q.exe |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://support.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: j1zkOQTx4q.exe, 00000000.00000003.2881418203.000000000648F000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2879892603.0000000006473000.00000004.00000020.00020000.00000000.sdmp, Dh4UFB9VlaROHistory.0.dr, 44JkKLWCBNJ9History.0.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: Dh4UFB9VlaROHistory.0.dr, 44JkKLWCBNJ9History.0.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: j1zkOQTx4q.exe, 00000000.00000003.2881418203.000000000648F000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2879892603.0000000006473000.00000004.00000020.00020000.00000000.sdmp, Dh4UFB9VlaROHistory.0.dr, 44JkKLWCBNJ9History.0.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: Dh4UFB9VlaROHistory.0.dr, 44JkKLWCBNJ9History.0.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006420000.00000004.00000020.00020000.00000000.sdmp, jTkI2DeqFXDxQHXHJ7lSt1A.zip.0.dr |
String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2885919526.00000000064D7000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr |
String found in binary or memory: https://t.me/risepro_bot |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: j1zkOQTx4q.exe, 00000000.00000003.2880279507.0000000006494000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2881720930.00000000064A0000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.2880002087.0000000006466000.00000004.00000020.00020000.00000000.sdmp, B0tQxZcgttPJWeb Data.0.dr, iYfCU4QVZjt3Web Data.0.dr, 4SpdqMeYgXg6Web Data.0.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006420000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001727000.00000004.00000020.00020000.00000000.sdmp, Firefox_fqs92o4p.default-release.txt.0.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001727000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/;Q |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.000000000644B000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006420000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001770000.00000004.00000020.00020000.00000000.sdmp, Firefox_fqs92o4p.default-release.txt.0.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.000000000644B000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/tes_1; |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001770000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/txt |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.wireguard.com/ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893126435.000000000152F000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.wireguard.com/D |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
Section loaded: netutils.dll |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001720000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000& |
Source: j1zkOQTx4q.exe, 00000000.00000003.1690726517.0000000001787000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b};O |
Source: j1zkOQTx4q.exe, 00000000.00000003.1665895243.0000000001710000.00000004.00001000.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.1665980539.0000000001710000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: \SystemRoot\system32\ntkrnlp.exeSDT\VBOX__ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.000000000177F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b |
Source: j1zkOQTx4q.exe, 00000000.00000003.1690726517.0000000001787000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWQi |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.000000000645E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}xsegments_url_id |
Source: j1zkOQTx4q.exe, 00000000.00000002.2893328950.00000000017A6000.00000004.00000020.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000002.2893328950.0000000001770000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: j1zkOQTx4q.exe, 00000000.00000003.1666222697.0000000001710000.00000004.00001000.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.1666299396.0000000001710000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: \SystemRoot\system32\ntkrnlmp.exeSDT\VBOX__ |
Source: j1zkOQTx4q.exe, 00000000.00000002.2895460297.0000000006463000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&0000 |
Source: j1zkOQTx4q.exe, 00000000.00000003.1666141703.0000000001710000.00000004.00001000.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.1666375447.0000000001710000.00000004.00001000.00020000.00000000.sdmp, j1zkOQTx4q.exe, 00000000.00000003.1666065568.0000000001710000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: \SystemRoot\system32\ntkrnlm.exeSDT\VBOX__ |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqlite |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini |
Jump to behavior |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT |
Jump to behavior |
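The detection rule this record set motivates, as an added example that is not part of the sandbox report: it parses records in the report's own `Source: ... | File opened: ... |` layout, classifies each opened path as a Gecko credential or profile file or as Chromium extension storage, and flags any non-browser process that sweeps several store types or several extensions' storage in one run. The eight suspicious records in the sample are copied from the report; the three benign lines, the category names, the thresholds, the browser-binary allowlist and the inclusion of the NSS key stores (key3.db/key4.db, not opened in this report) are assumptions.

```python
"""Flag a process that enumerates browser credential stores and wallet-extension
storage. Records use the report's "Source: ... | File opened: ... |" layout.
Added example; not part of the sandbox report."""
import re
from collections import defaultdict

# Constructed sample: eight records copied from the report plus three benign lines
# made up for contrast (Chrome reading its own storage, Notepad, and a single
# profiles.ini read by svchost that should stay below threshold).
SAMPLE_LOG = r"""
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT |
Source: C:\Users\user\Desktop\j1zkOQTx4q.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
Source: C:\Windows\System32\notepad.exe | File opened: C:\Users\user\Desktop\notes.txt |
Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
"""

RECORD_RE = re.compile(
    r"^Source:\s*(?P<source>.+?)\s*\|\s*File opened:\s*(?P<path>.+?)\s*\|?\s*$"
)

# Category -> path pattern. A capturing group, where present, extracts the Chrome
# extension ID (32 chars, a-p). key3.db/key4.db are the NSS key stores needed to
# decrypt logins.json/signons.sqlite; an assumption, as they are not in the report.
CATEGORIES = (
    ("firefox_logins", re.compile(r"\\Profiles\\[^\\]+\\(?:logins\.json|signons\.sqlite|key[34]\.db)$", re.I)),
    ("firefox_browsing_data", re.compile(r"\\Profiles\\[^\\]+\\(?:places|formhistory|cookies)\.sqlite$", re.I)),
    ("gecko_profile_enum", re.compile(r"\\profiles\.ini$", re.I)),
    ("chrome_ext_settings", re.compile(r"\\(?:Local|Sync) Extension Settings\\([a-p]{32})\\", re.I)),
    ("chrome_ext_indexeddb", re.compile(r"\\IndexedDB\\chrome-extension_([a-p]{32})_\d+\.indexeddb\.leveldb\\", re.I)),
)
GECKO = {"firefox_logins", "firefox_browsing_data", "gecko_profile_enum"}
CHROMIUM = {"chrome_ext_settings", "chrome_ext_indexeddb"}
# A browser reading its own stores is expected. Caveat: code injected into a browser
# process inherits this exemption, so pair the rule with process-injection telemetry.
BROWSER_BINARIES = {"firefox.exe", "chrome.exe", "msedge.exe"}


def parse_record(line):
    """Return (source_exe, opened_path) for one report line, else None."""
    m = RECORD_RE.match(line.strip())
    return (m.group("source"), m.group("path")) if m else None


def classify(path):
    """Return (category, extension_id_or_None) for a credential-store path, else None."""
    for name, pattern in CATEGORIES:
        m = pattern.search(path)
        if m:
            return name, (m.group(1).lower() if m.groups() else None)
    return None


def analyse(log_text, min_categories=2, min_extensions=3):
    """Aggregate per source process and flag those that sweep several store
    types or several extensions' storage. Returns {source: finding}."""
    per_source = defaultdict(lambda: {"categories": set(), "extensions": set(), "records": 0})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        source, path = rec
        hit = classify(path)
        if hit is None:
            continue
        category, ext = hit
        entry = per_source[source]
        entry["categories"].add(category)
        entry["records"] += 1
        if ext:
            entry["extensions"].add(ext)
    findings = {}
    for source, entry in per_source.items():
        if source.rsplit("\\", 1)[-1].lower() in BROWSER_BINARIES:
            continue
        cats = entry["categories"]
        if len(cats) < min_categories and len(entry["extensions"]) < min_extensions:
            continue
        findings[source] = {
            "categories": sorted(cats),
            "extension_ids": sorted(entry["extensions"]),
            "cross_browser": bool(cats & GECKO) and bool(cats & CHROMIUM),
            "record_count": entry["records"],
        }
    return findings


if __name__ == "__main__":
    for source, finding in analyse(SAMPLE_LOG).items():
        print(f"{source}: {finding}")
```

The thresholds are deliberately low because a single process touching both Gecko login databases and Chromium extension storage has no benign explanation; `cross_browser` is reported separately so the triage queue can sort on it. Feeding real telemetry means mapping Sysmon Event ID 11 or EDR file-open events onto the same `Source | File opened` shape before calling `analyse`.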