Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49766 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49766 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49767 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49767 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.130.249.123 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: powershell.exe, 00000004.00000002.129543927261.0000000007DAB000.00000004.00000800.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134000457585.00000000035B1000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.129473936429.00000000035B3000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.130571937294.00000000035B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: powershell.exe, 00000004.00000002.129543927261.0000000007DAB000.00000004.00000800.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134000457585.00000000035B1000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.129473936429.00000000035B3000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.130571937294.00000000035B1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: powershell.exe, 00000004.00000003.129318972278.0000000007E58000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000003.129319783919.0000000007E5B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.129544998772.0000000007E5C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft.coX |
Source: ielowutil.exe, ielowutil.exe, 00000019.00000003.130571810901.00000000035A3000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.130572347630.0000000003608000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134001216891.0000000003608000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134000091371.0000000003587000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/ |
Source: ielowutil.exe, 00000019.00000003.130571937294.00000000035B1000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.130571876426.00000000035AD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp |
Source: ielowutil.exe, 00000019.00000002.134000380791.00000000035AD000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.130571876426.00000000035AD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp0( |
Source: ielowutil.exe, 00000019.00000003.129502573724.000000001F1BB000.00000004.00000800.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.130571312294.000000001F1BD000.00000004.00000800.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134022681912.000000001F1BE000.00000004.00000800.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000003.129502441786.000000001F1BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gph |
Source: ielowutil.exe, 00000019.00000003.130572347630.0000000003608000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134001216891.0000000003608000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpn.net/json.gp |
Source: ielowutil.exe, 00000019.00000003.130572347630.0000000003608000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.134001216891.0000000003608000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gposp) |
Source: powershell.exe, 00000004.00000002.129538179335.0000000005F7C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000004.00000002.129525516359.000000000506C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.129558832105.0000000009086000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000003.129236780635.0000000009086000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000004.00000002.129523730992.0000000004F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000004.00000002.129525516359.000000000506C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.129558832105.0000000009086000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000003.129236780635.0000000009086000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000004.00000002.129523730992.0000000004F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: ielowutil.exe, 00000019.00000002.133999047327.0000000003528000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/ |
Source: ielowutil.exe, 00000019.00000002.134001216891.0000000003608000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/973448455970238517/973448761017765938/tur4256ase7_ewATiEi255. |
Source: ielowutil.exe, 00000019.00000003.130571477811.000000000356F000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.133999790590.0000000003570000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/973448911232585778/973449155060047882/Enrico-7173724.jpg |
Source: ielowutil.exe, 00000019.00000003.130571477811.000000000356F000.00000004.00000020.00020000.00000000.sdmp, ielowutil.exe, 00000019.00000002.133999790590.0000000003570000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/attachments/973448911232585778/973449155060047882/Enrico-7173724.jpgA |
Source: ielowutil.exe, 00000019.00000002.133999047327.0000000003528000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/h |
Source: powershell.exe, 00000004.00000002.129538179335.0000000005F7C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.129538179335.0000000005F7C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.129538179335.0000000005F7C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: powershell.exe, 00000004.00000002.129525516359.000000000506C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.129558832105.0000000009086000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000003.129236780635.0000000009086000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000004.00000003.129204299058.0000000005928000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000004.00000002.129538179335.0000000005F7C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: global traffic |
HTTP traffic detected: GET /attachments/973448911232585778/973449155060047882/Enrico-7173724.jpg HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: cdn.discordapp.com
Cache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /attachments/973448455970238517/973448761017765938/tur4256ase7_ewATiEi255.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: cdn.discordapp.com
Cache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache |