Windows Analysis Report
t9TtulOQal

Overview

General Information

Sample Name: t9TtulOQal (renamed file extension from none to exe)
Analysis ID: 612095
MD5: 0106f60704d6018b9b6bd639eefc9a0f
SHA1: 3bdec122251c1ca23bedf8d8a8c344142880ec47
SHA256: cf22ef8f6ac6d20fe2a863930cee6fac249deb610f378e5e6c77f177a6ea3dce
Tags: exe

Detection

Xmrig
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found strings related to Crypto-Mining
Contains functionality to register a callback to get notified when the system is suspended or resumed (often done by Miners)
Machine Learning detection for sample
Machine Learning detection for dropped file
Drops executables to the windows directory (C:\Windows) and starts them
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Sigma detected: Windows Suspicious Use Of Web Request in CommandLine

Classification

AV Detection

Source: t9TtulOQal.exe Virustotal: Detection: 80%
Source: t9TtulOQal.exe ReversingLabs: Detection: 85%
Source: t9TtulOQal.exe Avira: detected
Source: C:\Windows\System\DGHKyFn.exe Avira: detection malicious, Label: HEUR/AGEN.1215229
Source: C:\Windows\System\BUaaHVm.exe Avira: detection malicious, Label: HEUR/AGEN.1215229
Source: C:\Windows\System\BgzddBq.exe Avira: detection malicious, Label: HEUR/AGEN.1215229
Source: C:\Windows\System\ESsAvrN.exe Avira: detection malicious, Label: HEUR/AGEN.1215229
Source: C:\Windows\System\DNPJrAp.exe Avira: detection malicious, Label: HEUR/AGEN.1215229
Source: C:\Windows\System\DnqcwtK.exe Avira: detection malicious, Label: HEUR/AGEN.1215229
Source: t9TtulOQal.exe Joe Sandbox ML: detected
Source: C:\Windows\System\DGHKyFn.exe Joe Sandbox ML: detected
Source: C:\Windows\System\BUaaHVm.exe Joe Sandbox ML: detected
Source: C:\Windows\System\BgzddBq.exe Joe Sandbox ML: detected
Source: C:\Windows\System\ESsAvrN.exe Joe Sandbox ML: detected
Source: C:\Windows\System\DNPJrAp.exe Joe Sandbox ML: detected
Source: C:\Windows\System\DnqcwtK.exe Joe Sandbox ML: detected

Bitcoin Miner

Source: Yara match File source: 13.2.ESsAvrN.exe.7ff7655e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.xfTIPLt.exe.7ff769430000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.EqjbEoF.exe.7ff77bde0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 25.2.muxfLeg.exe.7ff7a45c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.SphOrRR.exe.7ff7d85e0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 24.2.eICKJjV.exe.7ff726c50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.wzZdyFs.exe.7ff7b05a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.uyinQiQ.exe.7ff620050000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.qNlhNvn.exe.7ff624290000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.2.JXaKkbf.exe.7ff6d4dc0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.jNieyqN.exe.7ff7721a0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.pFPFzsF.exe.7ff670c90000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: uyinQiQ.exe PID: 4216, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: EqjbEoF.exe PID: 4900, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: xfTIPLt.exe PID: 4940, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: SphOrRR.exe PID: 3580, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: pFPFzsF.exe PID: 3032, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: qNlhNvn.exe PID: 6148, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: wzZdyFs.exe PID: 6164, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: jNieyqN.exe PID: 6188, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ESsAvrN.exe PID: 6992, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: eICKJjV.exe PID: 1908, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: muxfLeg.exe PID: 3548, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: JXaKkbf.exe PID: 3388, type: MEMORYSTR
Source: uyinQiQ.exe String found in binary or memory: stratum+tcp://
Source: uyinQiQ.exe String found in binary or memory: cryptonight/0
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200BEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF6200BEBF0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE4EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 4_2_00007FF77BE4EBF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76949EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 5_2_00007FF76949EBF0
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D864EBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 6_2_00007FF7D864EBF0
Source: unknown HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.4:49747 version: TLS 1.0
Source: unknown HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49750 version: TLS 1.0
Source: unknown HTTPS traffic detected: 185.199.108.154:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.154:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: t9TtulOQal.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620164470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 3_2_00007FF620164470
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620164478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 3_2_00007FF620164478
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF62011B6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 3_2_00007FF62011B6F8
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200DCA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 3_2_00007FF6200DCA78
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE6CA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BE6CA78
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEF4478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BEF4478
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEF4470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BEF4470
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEAB6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BEAB6F8
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694BCA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 5_2_00007FF7694BCA78
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769544478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 5_2_00007FF769544478
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769544470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 5_2_00007FF769544470
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694FB6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 5_2_00007FF7694FB6F8
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D866CA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D866CA78
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86F4478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D86F4478
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86F4470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D86F4470
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86AB6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D86AB6F8
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 Host: raw.githubusercontent.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1 Host: github.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/hero-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/astro-mona.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/enterprise-city-w-logos.jpg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/repo-browser.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/folder.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/file.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/repo-editor-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/repo-terminal-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-comment.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-description.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-merge.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/iphone-notch.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-apple.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-google.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/gh-desktop.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-windows.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-linux.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-vscode-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-vscode-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-vscode-3.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-autocomplete.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-editor-actions.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-editor-sidebar.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-editor.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-arm.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-build.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-test-tab.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-test.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-publish-tab.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-spinner.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-success.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-publish.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-canvas.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/actions-check.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-spinner.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/dependabot-pr.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/dependabot-merge.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-step-3.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-step-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-step-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-description.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/secret-alert.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/secret-list.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/security-alert-fan.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-discussions-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/discussions-answered-check.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/discussions-check.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-discussions-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-readme-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-readme-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/heart.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-sponsor-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-sponsor-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/twitter.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/footer-illustration.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/github-logo.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/facebook.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/youtube.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/linkedin.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/github-mark.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-screen.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic TCP traffic: 192.168.2.4:49740 -> 3.120.98.217:8080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 3.120.98.217
Source: JXaKkbf.exe, 0000001A.00000002.355821077.00007FF6D4DC1000.00000040.00000001.01000000.00000012.sdmp String found in binary or memory: https://raw.githubusercontent.com/
Source: unknown DNS traffic detected: queries for: raw.githubusercontent.com
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200BC380 WSARecvFrom,WSAGetLastError, 3_2_00007FF6200BC380
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: github.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/enterprise-city-w-logos.jpg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/repo-browser.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/folder.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/file.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/repo-editor-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/repo-terminal-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-comment.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-description.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-merge.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/iphone-notch.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-apple.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-google.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/gh-desktop.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-windows.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-linux.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-vscode-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-vscode-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-vscode-3.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codespaces-glow.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-autocomplete.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-editor-actions.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-editor-sidebar.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-editor.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/logos/platform-arm.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-build.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-test-tab.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-test.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-publish-tab.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-spinner.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-success.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-publish.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/matrix-workflow-canvas.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/actions-check.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/actions-spinner.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/dependabot-pr.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/dependabot-merge.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-step-3.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-step-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-step-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/codeql-description.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/secret-alert.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/secret-list.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/security-alert-fan.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-discussions-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/discussions-answered-check.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/discussions-check.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-discussions-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-readme-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-readme-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/icons/heart.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-sponsor-1.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/community-sponsor-2.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/twitter.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/footer-illustration.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/github-logo.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/facebook.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/youtube.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/linkedin.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/icons/footer/github-mark.svg HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /images/modules/site/home/pr-screen.png HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: github.githubassets.comConnection: Keep-Alive
Source: unknown HTTPS traffic detected: 185.199.108.154:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.154:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49761 version: TLS 1.2

System Summary

Source: 13.2.ESsAvrN.exe.7ff7655e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 5.2.xfTIPLt.exe.7ff769430000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 4.2.EqjbEoF.exe.7ff77bde0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 25.2.muxfLeg.exe.7ff7a45c0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 6.2.SphOrRR.exe.7ff7d85e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 24.2.eICKJjV.exe.7ff726c50000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 9.2.wzZdyFs.exe.7ff7b05a0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 3.2.uyinQiQ.exe.7ff620050000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 8.2.qNlhNvn.exe.7ff624290000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 26.2.JXaKkbf.exe.7ff6d4dc0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 10.2.jNieyqN.exe.7ff7721a0000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 7.2.pFPFzsF.exe.7ff670c90000.0.unpack, type: UNPACKEDPE Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 13.2.ESsAvrN.exe.7ff7655e0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 5.2.xfTIPLt.exe.7ff769430000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 4.2.EqjbEoF.exe.7ff77bde0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 25.2.muxfLeg.exe.7ff7a45c0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 6.2.SphOrRR.exe.7ff7d85e0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 24.2.eICKJjV.exe.7ff726c50000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 9.2.wzZdyFs.exe.7ff7b05a0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 3.2.uyinQiQ.exe.7ff620050000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 8.2.qNlhNvn.exe.7ff624290000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 26.2.JXaKkbf.exe.7ff6d4dc0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 10.2.jNieyqN.exe.7ff7721a0000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 7.2.pFPFzsF.exe.7ff670c90000.0.unpack, type: UNPACKEDPE Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 00000003.00000002.265827699.00007FF620051000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000007.00000002.275903963.00007FF670C91000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000004.00000002.268803687.00007FF77BDE1000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000009.00000002.280577827.00007FF7B05A1000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000005.00000002.271272173.00007FF769431000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000027.00000002.391495548.00007FF78C711000.00000040.00000001.01000000.0000001F.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000029.00000002.395820235.00007FF690B41000.00000040.00000001.01000000.00000021.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000019.00000002.353325081.00007FF7A45C1000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000008.00000002.277972732.00007FF624291000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000001E.00000002.371111045.00007FF69AD41000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000018.00000002.350031950.00007FF726C51000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000021.00000002.378325882.00007FF7C3391000.00000040.00000001.01000000.00000019.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000022.00000002.380551881.00007FF762061000.00000040.00000001.01000000.0000001A.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000026.00000002.389318375.00007FF6E7BB1000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000020.00000002.375743834.00007FF6698C1000.00000040.00000001.01000000.00000018.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000000A.00000002.282891481.00007FF7721A1000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000023.00000002.383336348.00007FF64B0A1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000001B.00000002.358106918.00007FF7AC671000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000001A.00000002.355821077.00007FF6D4DC1000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000025.00000002.387092219.00007FF7D12A1000.00000040.00000001.01000000.0000001D.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000028.00000002.393674852.00007FF6F9A41000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000001C.00000002.361036763.00007FF624C81000.00000040.00000001.01000000.00000014.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000000D.00000002.296851628.00007FF7655E1000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000001F.00000002.373519604.00007FF7DE0B1000.00000040.00000001.01000000.00000017.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 0000001D.00000002.363272090.00007FF7BD901000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000006.00000002.273494599.00007FF7D85E1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: 00000024.00000002.385221889.00007FF64DC51000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: uyinQiQ.exe PID: 4216, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: EqjbEoF.exe PID: 4900, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: xfTIPLt.exe PID: 4940, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: SphOrRR.exe PID: 3580, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: pFPFzsF.exe PID: 3032, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: qNlhNvn.exe PID: 6148, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: wzZdyFs.exe PID: 6164, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: jNieyqN.exe PID: 6188, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: ESsAvrN.exe PID: 6992, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: eICKJjV.exe PID: 1908, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: muxfLeg.exe PID: 3548, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: Process Memory Space: JXaKkbf.exe PID: 3388, type: MEMORYSTR Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26, nodeepdive =
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\uyinQiQ.exe
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFBA40 4_2_00007FF77BDFBA40
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE27A40 4_2_00007FF77BE27A40
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE1A30 4_2_00007FF77BEE1A30
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1DA30 4_2_00007FF77BE1DA30
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE28A20 4_2_00007FF77BE28A20
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED39F0 4_2_00007FF77BED39F0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED69C0 4_2_00007FF77BED69C0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE259C0 4_2_00007FF77BE259C0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE369C0 4_2_00007FF77BE369C0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFC980 4_2_00007FF77BDFC980
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2D980 4_2_00007FF77BE2D980
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFA960 4_2_00007FF77BDFA960
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BECD0F0 4_2_00007FF77BECD0F0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDE70F0 4_2_00007FF77BDE70F0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE050C0 4_2_00007FF77BE050C0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFD0A0 4_2_00007FF77BDFD0A0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE80A0 4_2_00007FF77BEE80A0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1D090 4_2_00007FF77BE1D090
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE33080 4_2_00007FF77BE33080
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1C060 4_2_00007FF77BE1C060
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE28020 4_2_00007FF77BE28020
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDD010 4_2_00007FF77BEDD010
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE27010 4_2_00007FF77BE27010
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3E010 4_2_00007FF77BE3E010
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE1FF0 4_2_00007FF77BEE1FF0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE8FF0 4_2_00007FF77BEE8FF0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2CFF0 4_2_00007FF77BE2CFF0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE22FE0 4_2_00007FF77BE22FE0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDF8FD0 4_2_00007FF77BDF8FD0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2BFC0 4_2_00007FF77BE2BFC0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDE2F80 4_2_00007FF77BDE2F80
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE19F90 4_2_00007FF77BE19F90
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED6F80 4_2_00007FF77BED6F80
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDDF60 4_2_00007FF77BEDDF60
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE34F20 4_2_00007FF77BE34F20
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE23ED0 4_2_00007FF77BE23ED0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE08EB0 4_2_00007FF77BE08EB0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE29EB0 4_2_00007FF77BE29EB0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE52E83 4_2_00007FF77BE52E83
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE09E70 4_2_00007FF77BE09E70
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFEE40 4_2_00007FF77BDFEE40
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE11DA0 4_2_00007FF77BE11DA0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE16D90 4_2_00007FF77BE16D90
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDED80 4_2_00007FF77BEDED80
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE3D60 4_2_00007FF77BEE3D60
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE56D60 4_2_00007FF77BE56D60
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEB9D30 4_2_00007FF77BEB9D30
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE25D30 4_2_00007FF77BE25D30
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE32D20 4_2_00007FF77BE32D20
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE11500 4_2_00007FF77BE11500
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE434B4 4_2_00007FF77BE434B4
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BECD4D0 4_2_00007FF77BECD4D0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1F4D0 4_2_00007FF77BE1F4D0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE174B0 4_2_00007FF77BE174B0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDA4A0 4_2_00007FF77BEDA4A0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED3490 4_2_00007FF77BED3490
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE00460 4_2_00007FF77BE00460
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFA450 4_2_00007FF77BDFA450
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE01420 4_2_00007FF77BE01420
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE5A410 4_2_00007FF77BE5A410
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE04410 4_2_00007FF77BE04410
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2F3F0 4_2_00007FF77BE2F3F0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFB3F0 4_2_00007FF77BDFB3F0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEEF3C0 4_2_00007FF77BEEF3C0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE273A0 4_2_00007FF77BE273A0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE06360 4_2_00007FF77BE06360
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3A370 4_2_00007FF77BE3A370
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3D360 4_2_00007FF77BE3D360
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDE7350 4_2_00007FF77BDE7350
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE6340 4_2_00007FF77BEE6340
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE02310 4_2_00007FF77BE02310
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDE92E0 4_2_00007FF77BDE92E0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE232C0 4_2_00007FF77BE232C0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDB2B0 4_2_00007FF77BEDB2B0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3F2B0 4_2_00007FF77BE3F2B0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE7290 4_2_00007FF77BEE7290
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE0280 4_2_00007FF77BEE0280
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDF9260 4_2_00007FF77BDF9260
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEEE270 4_2_00007FF77BEEE270
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3B260 4_2_00007FF77BE3B260
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE19250 4_2_00007FF77BE19250
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE10230 4_2_00007FF77BE10230
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED5210 4_2_00007FF77BED5210
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEEC210 4_2_00007FF77BEEC210
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDC200 4_2_00007FF77BEDC200
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEA41F8 4_2_00007FF77BEA41F8
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE29160 4_2_00007FF77BE29160
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE43165 4_2_00007FF77BE43165
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE18120 4_2_00007FF77BE18120
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE17120 4_2_00007FF77BE17120
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEEF910 4_2_00007FF77BEEF910
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1A870 4_2_00007FF77BE1A870
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE0D860 4_2_00007FF77BE0D860
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE7840 4_2_00007FF77BEE7840
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE2830 4_2_00007FF77BEE2830
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1B830 4_2_00007FF77BE1B830
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1E820 4_2_00007FF77BE1E820
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE0A810 4_2_00007FF77BE0A810
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDF97E0 4_2_00007FF77BDF97E0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED77E0 4_2_00007FF77BED77E0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE607D0 4_2_00007FF77BE607D0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDC7B0 4_2_00007FF77BEDC7B0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2A7B0 4_2_00007FF77BE2A7B0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE01780 4_2_00007FF77BE01780
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2B790 4_2_00007FF77BE2B790
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE3780 4_2_00007FF77BEE3780
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE20770 4_2_00007FF77BE20770
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFC770 4_2_00007FF77BDFC770
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2E760 4_2_00007FF77BE2E760
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFD740 4_2_00007FF77BDFD740
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED3740 4_2_00007FF77BED3740
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE24740 4_2_00007FF77BE24740
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE14740 4_2_00007FF77BE14740
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED8730 4_2_00007FF77BED8730
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE0B730 4_2_00007FF77BE0B730
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE1C720 4_2_00007FF77BE1C720
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDFE700 4_2_00007FF77BDFE700
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3A6D0 4_2_00007FF77BE3A6D0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE2C680 4_2_00007FF77BE2C680
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE30660 4_2_00007FF77BE30660
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE03620 4_2_00007FF77BE03620
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE10630 4_2_00007FF77BE10630
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE13610 4_2_00007FF77BE13610
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE4C600 4_2_00007FF77BE4C600
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE45D0 4_2_00007FF77BEE45D0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE34580 4_2_00007FF77BE34580
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE3C570 4_2_00007FF77BE3C570
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BED9550 4_2_00007FF77BED9550
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE23550 4_2_00007FF77BE23550
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE33550 4_2_00007FF77BE33550
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE09540 4_2_00007FF77BE09540
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEE5520 4_2_00007FF77BEE5520
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEDE520 4_2_00007FF77BEDE520
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769458A70 5_2_00007FF769458A70
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769476A60 5_2_00007FF769476A60
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694B0A90 5_2_00007FF7694B0A90
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769525A70 5_2_00007FF769525A70
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76953CA70 5_2_00007FF76953CA70
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76946DA30 5_2_00007FF76946DA30
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952AA50 5_2_00007FF76952AA50
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769478A20 5_2_00007FF769478A20
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769531A30 5_2_00007FF769531A30
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944BA40 5_2_00007FF76944BA40
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769477A40 5_2_00007FF769477A40
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76947BAF0 5_2_00007FF76947BAF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769535AE0 5_2_00007FF769535AE0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769530AE0 5_2_00007FF769530AE0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769468B10 5_2_00007FF769468B10
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769473AD0 5_2_00007FF769473AD0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769462AC0 5_2_00007FF769462AC0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944A960 5_2_00007FF76944A960
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944C980 5_2_00007FF76944C980
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76947D980 5_2_00007FF76947D980
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7695239F0 5_2_00007FF7695239F0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7695269C0 5_2_00007FF7695269C0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694869C0 5_2_00007FF7694869C0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694759C0 5_2_00007FF7694759C0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694A9C70 5_2_00007FF7694A9C70
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769476C70 5_2_00007FF769476C70
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769487C60 5_2_00007FF769487C60
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769452C80 5_2_00007FF769452C80
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694F9C20 5_2_00007FF7694F9C20
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769524C50 5_2_00007FF769524C50
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769451C50 5_2_00007FF769451C50
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769474C50 5_2_00007FF769474C50
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769460C40 5_2_00007FF769460C40
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769448CF0 5_2_00007FF769448CF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76950BD10 5_2_00007FF76950BD10
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944CD10 5_2_00007FF76944CD10
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944DD10 5_2_00007FF76944DD10
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769485D10 5_2_00007FF769485D10
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769528CF0 5_2_00007FF769528CF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952FCD0 5_2_00007FF76952FCD0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769523CA0 5_2_00007FF769523CA0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76946BB90 5_2_00007FF76946BB90
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769466B80 5_2_00007FF769466B80
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944FB80 5_2_00007FF76944FB80
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694FCB2C 5_2_00007FF7694FCB2C
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769467B50 5_2_00007FF769467B50
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76949FBF0 5_2_00007FF76949FBF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769449BE0 5_2_00007FF769449BE0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769483C10 5_2_00007FF769483C10
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769514BC0 5_2_00007FF769514BC0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948ABA0 5_2_00007FF76948ABA0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948BBD0 5_2_00007FF76948BBD0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694AABD0 5_2_00007FF7694AABD0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769459E70 5_2_00007FF769459E70
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694A2E83 5_2_00007FF7694A2E83
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944EE40 5_2_00007FF76944EE40
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769458EB0 5_2_00007FF769458EB0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769479EB0 5_2_00007FF769479EB0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769473ED0 5_2_00007FF769473ED0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952ED80 5_2_00007FF76952ED80
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694A6D60 5_2_00007FF7694A6D60
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769533D60 5_2_00007FF769533D60
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769466D90 5_2_00007FF769466D90
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694EAD30 5_2_00007FF7694EAD30
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769475D30 5_2_00007FF769475D30
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769482D20 5_2_00007FF769482D20
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769509D30 5_2_00007FF769509D30
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694DFDEC 5_2_00007FF7694DFDEC
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769501E04 5_2_00007FF769501E04
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769461DA0 5_2_00007FF769461DA0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76946C060 5_2_00007FF76946C060
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76946D090 5_2_00007FF76946D090
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769483080 5_2_00007FF769483080
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769478020 5_2_00007FF769478020
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694370F0 5_2_00007FF7694370F0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76951D0F0 5_2_00007FF76951D0F0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944D0A0 5_2_00007FF76944D0A0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7695380A0 5_2_00007FF7695380A0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694550C0 5_2_00007FF7694550C0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769526F80 5_2_00007FF769526F80
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952DF60 5_2_00007FF76952DF60
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769469F90 5_2_00007FF769469F90
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769432F80 5_2_00007FF769432F80
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769484F20 5_2_00007FF769484F20
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76947CFF0 5_2_00007FF76947CFF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952D010 5_2_00007FF76952D010
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769472FE0 5_2_00007FF769472FE0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948E010 5_2_00007FF76948E010
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769477010 5_2_00007FF769477010
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769538FF0 5_2_00007FF769538FF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769531FF0 5_2_00007FF769531FF0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694E6FA4 5_2_00007FF7694E6FA4
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769448FD0 5_2_00007FF769448FD0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76947BFC0 5_2_00007FF76947BFC0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769530280 5_2_00007FF769530280
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948B260 5_2_00007FF76948B260
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769537290 5_2_00007FF769537290
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769449260 5_2_00007FF769449260
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76953E270 5_2_00007FF76953E270
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769460230 5_2_00007FF769460230
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769469250 5_2_00007FF769469250
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694392E0 5_2_00007FF7694392E0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769452310 5_2_00007FF769452310
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948F2B0 5_2_00007FF76948F2B0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952B2B0 5_2_00007FF76952B2B0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694732C0 5_2_00007FF7694732C0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769493165 5_2_00007FF769493165
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769479160 5_2_00007FF769479160
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769467120 5_2_00007FF769467120
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769468120 5_2_00007FF769468120
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952C200 5_2_00007FF76952C200
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769525210 5_2_00007FF769525210
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76953C210 5_2_00007FF76953C210
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694F41F8 5_2_00007FF7694F41F8
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769523490 5_2_00007FF769523490
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769450460 5_2_00007FF769450460
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769451420 5_2_00007FF769451420
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944A450 5_2_00007FF76944A450
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694934B4 5_2_00007FF7694934B4
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769461500 5_2_00007FF769461500
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694674B0 5_2_00007FF7694674B0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76951D4D0 5_2_00007FF76951D4D0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952A4A0 5_2_00007FF76952A4A0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76946F4D0 5_2_00007FF76946F4D0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948A370 5_2_00007FF76948A370
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948D360 5_2_00007FF76948D360
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769456360 5_2_00007FF769456360
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694F9388 5_2_00007FF7694F9388
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769536340 5_2_00007FF769536340
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769437350 5_2_00007FF769437350
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944B3F0 5_2_00007FF76944B3F0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76947F3F0 5_2_00007FF76947F3F0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694AA410 5_2_00007FF7694AA410
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769454410 5_2_00007FF769454410
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76953F3C0 5_2_00007FF76953F3C0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694773A0 5_2_00007FF7694773A0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769480660 5_2_00007FF769480660
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76947C680 5_2_00007FF76947C680
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769460630 5_2_00007FF769460630
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769453620 5_2_00007FF769453620
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76944E700 5_2_00007FF76944E700
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948A6D0 5_2_00007FF76948A6D0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76948C570 5_2_00007FF76948C570
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769484580 5_2_00007FF769484580
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769529550 5_2_00007FF769529550
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769535520 5_2_00007FF769535520
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF76952E520 5_2_00007FF76952E520
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769483550 5_2_00007FF769483550
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769473550 5_2_00007FF769473550
Source: C:\Windows\System\EqjbEoF.exe Code function: String function: 00007FF77BDE5070 appears 91 times
Source: C:\Windows\System\EqjbEoF.exe Code function: String function: 00007FF77BE4EE80 appears 44 times
Source: C:\Windows\System\EqjbEoF.exe Code function: String function: 00007FF77BE92AD0 appears 31 times
Source: C:\Windows\System\xfTIPLt.exe Code function: String function: 00007FF769435070 appears 91 times
Source: C:\Windows\System\xfTIPLt.exe Code function: String function: 00007FF76949EE80 appears 44 times
Source: C:\Windows\System\xfTIPLt.exe Code function: String function: 00007FF7694E2AD0 appears 31 times
Source: C:\Windows\System\uyinQiQ.exe Code function: String function: 00007FF620055070 appears 91 times
Source: C:\Windows\System\uyinQiQ.exe Code function: String function: 00007FF620102AD0 appears 31 times
Source: C:\Windows\System\uyinQiQ.exe Code function: String function: 00007FF6200BEE80 appears 44 times
Source: C:\Windows\System\SphOrRR.exe Code function: String function: 00007FF7D85E5070 appears 91 times
Source: C:\Windows\System\SphOrRR.exe Code function: String function: 00007FF7D8692AD0 appears 31 times
Source: C:\Windows\System\SphOrRR.exe Code function: String function: 00007FF7D864EE80 appears 44 times
Source: t9TtulOQal.exe Virustotal: Detection: 80%
Source: t9TtulOQal.exe ReversingLabs: Detection: 85%
Source: C:\Users\user\Desktop\t9TtulOQal.exe File read: C:\Users\user\Desktop\t9TtulOQal.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\t9TtulOQal.exe "C:\Users\user\Desktop\t9TtulOQal.exe"
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\uyinQiQ.exe C:\Windows\System\uyinQiQ.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\EqjbEoF.exe C:\Windows\System\EqjbEoF.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\xfTIPLt.exe C:\Windows\System\xfTIPLt.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\SphOrRR.exe C:\Windows\System\SphOrRR.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\pFPFzsF.exe C:\Windows\System\pFPFzsF.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\qNlhNvn.exe C:\Windows\System\qNlhNvn.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\wzZdyFs.exe C:\Windows\System\wzZdyFs.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\jNieyqN.exe C:\Windows\System\jNieyqN.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\ESsAvrN.exe C:\Windows\System\ESsAvrN.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\eICKJjV.exe C:\Windows\System\eICKJjV.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\muxfLeg.exe C:\Windows\System\muxfLeg.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\JXaKkbf.exe C:\Windows\System\JXaKkbf.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\ZQlhpPj.exe C:\Windows\System\ZQlhpPj.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\NvBlBmE.exe C:\Windows\System\NvBlBmE.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\emWQJVL.exe C:\Windows\System\emWQJVL.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\stDgizI.exe C:\Windows\System\stDgizI.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\KMucPon.exe C:\Windows\System\KMucPon.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\WmJzbhD.exe C:\Windows\System\WmJzbhD.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\iDVoGZo.exe C:\Windows\System\iDVoGZo.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\zUtbfaW.exe C:\Windows\System\zUtbfaW.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\LlHIifL.exe C:\Windows\System\LlHIifL.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\GVCGjmH.exe C:\Windows\System\GVCGjmH.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\oywIyRw.exe C:\Windows\System\oywIyRw.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\gMOVsdQ.exe C:\Windows\System\gMOVsdQ.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\bcWhMHX.exe C:\Windows\System\bcWhMHX.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\VDhYVpi.exe C:\Windows\System\VDhYVpi.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: C:\Windows\System\SMIxvgz.exe C:\Windows\System\SMIxvgz.exe
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\Documents\20220420 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iscpwkgf.2is.ps1 Jump to behavior
Source: classification engine Classification label: mal100.evad.mine.winEXE@161/244@4/6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3656:120:WilError_01
Source: C:\Users\user\Desktop\t9TtulOQal.exe Mutant created: \Sessions\1\BaseNamedObjects\sfdkjjhgkdsfhgjkjjsd
Source: uyinQiQ.exe String found in binary or memory: --help
Source: EqjbEoF.exe String found in binary or memory: --help
Source: xfTIPLt.exe String found in binary or memory: --help
Source: SphOrRR.exe String found in binary or memory: --help
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: t9TtulOQal.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: t9TtulOQal.exe Static file information: File size 2744671 > 1048576
Source: t9TtulOQal.exe Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200C8490 push rsp; retf 0009h 3_2_00007FF6200C8491
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620067FA3 push qword ptr [00007FF5AB4EAA28h]; retf 3_2_00007FF620067FA9
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620068072 push qword ptr [00007FF5AB4EAAF7h]; retf 3_2_00007FF620068078
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDF8072 push qword ptr [00007FF70727AAF7h]; retf 4_2_00007FF77BDF8078
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BDF7FA3 push qword ptr [00007FF70727AA28h]; retf 4_2_00007FF77BDF7FA9
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE58490 push rsp; retf 0009h 4_2_00007FF77BE58491
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769448072 push qword ptr [00007FF6F48CAAF7h]; retf 5_2_00007FF769448078
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769447FA3 push qword ptr [00007FF6F48CAA28h]; retf 5_2_00007FF769447FA9
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694A8490 push rsp; retf 0009h 5_2_00007FF7694A8491
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D85F7FA3 push qword ptr [00007FF763A7AA28h]; retf 6_2_00007FF7D85F7FA9
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D85F8072 push qword ptr [00007FF763A7AAF7h]; retf 6_2_00007FF7D85F8078
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D8658490 push rsp; retf 0009h 6_2_00007FF7D8658491
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620440050 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, 3_2_00007FF620440050
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\jNieyqN.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\SphOrRR.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\qNlhNvn.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\GVCGjmH.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\zUtbfaW.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\gMOVsdQ.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\pFPFzsF.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\stDgizI.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\muxfLeg.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\VDhYVpi.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\oywIyRw.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\bcWhMHX.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\uyinQiQ.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\ZQlhpPj.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\wzZdyFs.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\ESsAvrN.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\SMIxvgz.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\iDVoGZo.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\eICKJjV.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\NvBlBmE.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\JXaKkbf.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\LlHIifL.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\xfTIPLt.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\KMucPon.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\WmJzbhD.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\EqjbEoF.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe Executable created and started: C:\Windows\System\emWQJVL.exe Jump to behavior
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\DNPJrAp.exe Jump to dropped file
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\jNieyqN.exe Jump to dropped file
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\SphOrRR.exe Jump to dropped file
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\pOKHtag.exe Jump to dropped file
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\YMzIzWJ.exe Jump to dropped file
Source: C:\Users\user\Desktop\t9TtulOQal.exe File created: C:\Windows\System\FWCdtoi.exe Jump to dropped file
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200BEBF0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError, 3_2_00007FF6200BEBF0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\t9TtulOQal.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1508 Thread sleep count: 8431 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3504 Thread sleep count: 1107 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5968 Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4944 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System\uyinQiQ.exe TID: 1984 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\EqjbEoF.exe TID: 5436 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\xfTIPLt.exe TID: 5920 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\SphOrRR.exe TID: 5140 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\pFPFzsF.exe TID: 1784 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\qNlhNvn.exe TID: 6152 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\wzZdyFs.exe TID: 6168 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\jNieyqN.exe TID: 6192 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\ESsAvrN.exe TID: 6996 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\eICKJjV.exe TID: 5732 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\muxfLeg.exe TID: 3544 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System\JXaKkbf.exe TID: 3352 Thread sleep time: -41000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8431
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1107
Source: C:\Windows\System\uyinQiQ.exe API coverage: 1.4 %
Source: C:\Windows\System\EqjbEoF.exe API coverage: 1.4 %
Source: C:\Windows\System\xfTIPLt.exe API coverage: 1.5 %
Source: C:\Windows\System\SphOrRR.exe API coverage: 1.3 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200BB760 CreateEventA,SetErrorMode,RtlInitializeCriticalSection,GetSystemInfo,RtlInitializeCriticalSection,RtlInitializeCriticalSection,SetConsoleCtrlHandler,CreateSemaphoreA,GetLastError,CreateFileW,QueueUserWorkItem,RtlInitializeCriticalSection,QueryPerformanceFrequency,SetEvent,CloseHandle,WaitForSingleObject,GetLastError, 3_2_00007FF6200BB760
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620164470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 3_2_00007FF620164470
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620164478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 3_2_00007FF620164478
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF62011B6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 3_2_00007FF62011B6F8
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200DCA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 3_2_00007FF6200DCA78
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE6CA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BE6CA78
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEF4478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BEF4478
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEF4470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BEF4470
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEAB6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 4_2_00007FF77BEAB6F8
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694BCA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 5_2_00007FF7694BCA78
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769544478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 5_2_00007FF769544478
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769544470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 5_2_00007FF769544470
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694FB6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 5_2_00007FF7694FB6F8
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D866CA78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,RtlInterlockedPushEntrySList,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D866CA78
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86F4478 RtlAllocateHeap,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D86F4478
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86F4470 HeapFree,SetEndOfFile,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D86F4470
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86AB6F8 _invalid_parameter_noinfo,RtlSizeHeap,RtlSizeHeap,FindFirstFileExW,GetOEMCP, 6_2_00007FF7D86AB6F8
Source: C:\Windows\System\uyinQiQ.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\EqjbEoF.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\xfTIPLt.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\SphOrRR.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\pFPFzsF.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\qNlhNvn.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\wzZdyFs.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\jNieyqN.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\ESsAvrN.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\eICKJjV.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\muxfLeg.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\JXaKkbf.exe Thread delayed: delay time: 41000
Source: C:\Windows\System\uyinQiQ.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System\EqjbEoF.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System\xfTIPLt.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System\SphOrRR.exe API call chain: ExitProcess graph end node
Source: t9TtulOQal.exe, 00000000.00000002.525140697.0000020806A6B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620164588 IsDebuggerPresent, 3_2_00007FF620164588
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620440050 LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, 3_2_00007FF620440050
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF620164578 SetUnhandledExceptionFilter, 3_2_00007FF620164578
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200FD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00007FF6200FD6D4
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE8D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_00007FF77BE8D6D4
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BEF4578 SetUnhandledExceptionFilter, 4_2_00007FF77BEF4578
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694DD6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_00007FF7694DD6D4
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF769544578 SetUnhandledExceptionFilter, 5_2_00007FF769544578
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86F4578 SetUnhandledExceptionFilter, 6_2_00007FF7D86F4578
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D868D6D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FF7D868D6D4
Source: conhost.exe, 00000001.00000002.530152137.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 00000001.00000000.259230145.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: conhost.exe, 00000001.00000002.530152137.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 00000001.00000000.259230145.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: conhost.exe, 00000001.00000002.530152137.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 00000001.00000000.259230145.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager,
Source: conhost.exe, 00000001.00000002.530152137.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp, conhost.exe, 00000001.00000000.259230145.000001FA51F80000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200BD460 CreateNamedPipeW,GetLastError,GetLastError,GetLastError,CloseHandle,GetLastError,GetLastError,ConnectNamedPipe,GetLastError,GetLastError,CloseHandle,GetLastError,GetLastError,GetLastError, 3_2_00007FF6200BD460
Source: C:\Windows\System\uyinQiQ.exe Code function: 3_2_00007FF6200B94B0 socket,WSAGetLastError,closesocket,setsockopt,bind,WSAGetLastError, 3_2_00007FF6200B94B0
Source: C:\Windows\System\EqjbEoF.exe Code function: 4_2_00007FF77BE494B0 socket,WSAGetLastError,closesocket,setsockopt,bind,WSAGetLastError, 4_2_00007FF77BE494B0
Source: C:\Windows\System\xfTIPLt.exe Code function: 5_2_00007FF7694994B0 socket,WSAGetLastError,closesocket,setsockopt,bind,WSAGetLastError, 5_2_00007FF7694994B0
Source: C:\Windows\System\SphOrRR.exe Code function: 6_2_00007FF7D86494B0 socket,WSAGetLastError,closesocket,setsockopt,bind,WSAGetLastError, 6_2_00007FF7D86494B0