Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49842 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49842 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49843 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49843 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49844 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49844 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49845 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49845 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49847 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49847 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49848 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49848 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49849 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49849 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49850 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49850 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49851 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49851 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49852 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49852 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49853 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49853 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49854 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49854 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49855 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49855 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49857 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49857 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49858 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49858 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49859 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49859 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49860 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49860 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49861 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49861 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49862 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49862 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49863 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49863 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49864 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49864 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49865 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49865 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49866 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49866 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49867 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49867 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49868 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49868 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49869 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49869 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49870 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49870 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49871 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49871 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49872 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49872 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49874 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 137.63.71.51:3959 -> 192.168.11.20:49874 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49874 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49875 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49875 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49876 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49876 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49877 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49877 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49878 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49878 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49879 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 137.63.71.51:3959 -> 192.168.11.20:49879 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49879 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49880 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49880 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49881 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49881 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49882 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49882 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49883 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49883 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49884 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49884 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49885 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49885 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49886 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49886 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49887 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49887 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49888 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49888 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49889 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49889 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49890 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49890 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49891 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49891 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49892 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49892 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49893 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49893 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49894 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49894 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49895 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49895 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49896 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49896 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49897 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49897 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49898 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49898 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49899 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49899 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49900 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49900 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49901 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49901 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49902 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 137.63.71.51:3959 -> 192.168.11.20:49902 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49902 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49903 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49903 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49904 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49904 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49905 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49905 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49906 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49906 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49908 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49908 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49909 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49909 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49910 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49910 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49911 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49911 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49912 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49912 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49913 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49913 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49914 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49914 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49915 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49915 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49916 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49916 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49917 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49917 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49918 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49918 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49919 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49919 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49920 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49920 -> 137.63.71.51:3959 |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49921 -> 137.63.71.51:3959 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 137.63.71.51 |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: folder-download.png.1.dr |
String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/ |
Source: CasPol.exe, 00000003.00000003.29761275591.00000000013AF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: CasPol.exe, 00000003.00000003.29767350810.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.29767309570.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.29761275591.00000000013AF000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.30020055841.00000000013C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: text-x-generic.png.1.dr |
String found in binary or memory: http://jimmac.musichall.czif |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://mozilla.org/MPL/2.0/. |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: dlawt.exe, Supplicatingly.exe.3.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/chart |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/datastyle |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/drawing |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/help |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/meta |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/office |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/style |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/table |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://openoffice.org/2000/text |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://sun.com/2000/XMLSearch |
Source: dlawt.exe, 00000001.00000003.29438167474.000000000294B000.00000004.00000800.00020000.00000000.sdmp, idxcaption.xsl.1.dr |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: CasPol.exe, 00000003.00000003.29767497242.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.30020617540.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://doc-0g-38-docs.googleusercontent.com/ |
Source: CasPol.exe, 00000003.00000003.30020617540.000000000135F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://doc-0g-38-docs.googleusercontent.com/c |
Source: CasPol.exe, 00000003.00000003.29767588712.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.29761525520.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.29761726305.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.30020297095.00000000013E2000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.30019510096.000000000137C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://doc-0g-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7ccvegr5 |
Source: CasPol.exe, 00000003.00000003.29767685396.00000000013F3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=12kdF3UKFZK3CB9va21Q6 |
Source: unknown |
Process created: C:\Users\user\Desktop\dlawt.exe "C:\Users\user\Desktop\dlawt.exe" |
|
Source: C:\Users\user\Desktop\dlawt.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe "C:\Users\user\Desktop\dlawt.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp7A08.tmp |
|
Source: C:\Windows\SysWOW64\schtasks.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp7C99.tmp |
|
Source: C:\Windows\SysWOW64\schtasks.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0 |
|
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Program Files (x86)\DSL Monitor\dslmon.exe "C:\Program Files (x86)\DSL Monitor\dslmon.exe" 0 |
|
Source: C:\Program Files (x86)\DSL Monitor\dslmon.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Program Files (x86)\DSL Monitor\dslmon.exe "C:\Program Files (x86)\DSL Monitor\dslmon.exe" |
|
Source: C:\Program Files (x86)\DSL Monitor\dslmon.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\dlawt.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\schtasks.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\DSL Monitor\dslmon.exe |
Process information set: NOOPENFILEERRORBOX |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: dlawt.exe, 00000001.00000002.29791062971.00000000008B8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe0 |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: dlawt.exe, 00000001.00000002.29792339698.0000000003451000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoKERNELBASE.DLLshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v2.0.50727\caspol.exewindir=\syswow64\iertutil.dll |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicshutdown |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicvss |
Source: CasPol.exe, 00000003.00000003.30019695752.000000000138B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: CasPol.exe, 00000003.00000003.30019695752.000000000138B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWyD |
Source: dlawt.exe, 00000001.00000002.29792339698.0000000003451000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: dlawt.exe, 00000001.00000002.29792964846.0000000004F19000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicheartbeat |
Source: dlawt.exe, 00000001.00000002.29790604096.0000000000878000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exepl |