Source: calc.exe, 00000000.00000002.367540151.0000000003141000.00000004.00000001.sdmp |
String found in binary or memory: http://cdn.discordapp.com |
Source: calc.exe, 00000000.00000000.335045493.0000000007F04000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: calc.exe, 00000000.00000002.375768006.0000000007F8B000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.verisT |
Source: calc.exe, 00000000.00000002.372198113.0000000006E40000.00000004.00000001.sdmp |
String found in binary or memory: http://my.netscape.com/publish/formats/rss-0.91.dtd |
Source: calc.exe, 00000000.00000002.372198113.0000000006E40000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: calc.exe, 00000000.00000002.367511473.0000000003128000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: calc.exe, 00000000.00000002.372198113.0000000006E40000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: Amcache.hve.6.dr |
String found in binary or memory: http://upx.sf.net |
Source: calc.exe, 00000000.00000000.343254796.00000000030D1000.00000004.00000001.sdmp, calc.exe, 00000000.00000000.342834254.000000000117B000.00000004.00000020.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/ |
Source: calc.exe, 00000000.00000002.367609669.0000000003183000.00000004.00000001.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/897223707649515602/897228595318124554/ascii_ART.txt |
Source: calc.exe, 00000000.00000002.374635326.00000000074B0000.00000004.00000001.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/897223707649515602/897228595318124554/ascii_ART.txtd |
Source: calc.exe, 00000000.00000002.374635326.00000000074B0000.00000004.00000001.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/897223707649515602/897228595318124554/ascii_ART.txteB |
Source: calc.exe, 00000000.00000000.343240898.0000000002FDE000.00000004.00000010.sdmp, calc.exe, 00000000.00000002.367511473.0000000003128000.00000004.00000001.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/897402450376536075/897465559711633408/8NMrqq.txt |
Source: calc.exe, 00000000.00000000.343254796.00000000030D1000.00000004.00000001.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/897402450376536075/897465559711633408/8NMrqq.txtP |
Source: calc.exe, 00000000.00000002.367511473.0000000003128000.00000004.00000001.sdmp |
String found in binary or memory: https://cdn.discordapp.comhgb |
Source: calc.exe, type: SAMPLE |
Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score = |
Source: 0.0.calc.exe.aa0000.1.unpack, type: UNPACKEDPE |
Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score = |
Source: 00000000.00000000.343240898.0000000002FDE000.00000004.00000010.sdmp, type: MEMORY |
Matched rule: SUSP_Encoded_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score = |
Source: C:\Users\user\Desktop\calc.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin |
Source: Amcache.hve.6.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware7,1 |
Source: Amcache.hve.6.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.6.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware, Inc.me |
Source: Amcache.hve.6.dr |
Binary or memory string: VMware-42 35 d8 20 48 cb c7 ff-aa 5e d0 37 a0 49 53 d7 |
Source: calc.exe, 00000000.00000002.374478680.00000000073F8000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|y |
Source: Amcache.hve.6.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000 |
Source: Amcache.hve.6.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000 |