Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.50.201.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.92.242.85 |
Source: wscript.exe, 00000000.00000003.1421104712.0000022662DEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422613838.0000022662E16000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421357637.0000022662DF8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197941339.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198115471.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198078112.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197756704.00000226647D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647DE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420035528.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421048524.0000022662DCD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197984079.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197804781.0000022662DEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418175988.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198036947.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421011003.00000226647C2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422666211.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420751978.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1422054641.00000226647C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 
00000000.00000002.1423056331.00000226647C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197842875.00000226647EE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx |
Source: wscript.exe, 00000000.00000003.1197893332.00000226647C4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198150141.00000226647CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198174575.00000226647CF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197929809.00000226647CE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspx0 |
Source: wscript.exe, 00000000.00000002.1422666211.0000022662E81000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420751978.0000022662E81000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxT |
Source: wscript.exe, 00000000.00000003.1419126722.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197941339.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198115471.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198078112.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420035528.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197984079.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418175988.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1198036947.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1197842875.00000226647EE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421320095.00000226647F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://app01.system.com.br/RDWeb/Pages/login.aspxd |
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: powershell.exe, 0000000E.00000002.1963089159.000001322BD0F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: powershell.exe, 0000000E.00000002.1963089159.000001322BCBE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 0000000E.00000002.1963089159.000001322BCDE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://analytics.paste.ee; |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdnjs.cloudflare.com; |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.googleapis.com |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fonts.gstatic.com; |
Source: MSBuild.exe, 00000012.00000002.2501923304.0000000003091000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/LimerBoy/StormKitty |
Source: powershell.exe, 0000000E.00000002.1999796603.0000013243D28000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://go.microsoft.co |
Source: wscript.exe, 00000000.00000003.1418969755.0000022664EE1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420543932.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com |
Source: wscript.exe, 00000000.00000003.1420751978.0000022662E46000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/ |
Source: wscript.exe, 00000000.00000003.1420883430.0000022664EAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421166233.0000022664EAD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419126722.00000226647DE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1418969755.0000022664EE1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421011003.00000226647C2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1422054641.00000226647C5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1419188810.00000226647EB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423363714.0000022664EB2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1420543932.0000022664EDB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423056331.00000226647C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423028881.00000226647C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/thAhY |
Source: wscript.exe, 00000000.00000003.1420883430.0000022664EAA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421166233.0000022664EAD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423363714.0000022664EB2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/thAhYf/ |
Source: wscript.exe, 00000000.00000003.1420751978.0000022662E30000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1422666211.0000022662E33000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/thAhYolume4Z |
Source: wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://paste.ee/d/thAhYs |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://secure.gravatar.com |
Source: places.raw.18.dr |
String found in binary or memory: https://support.mozilla.org |
Source: places.raw.18.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: places.raw.18.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://themes.googleusercontent.com |
Source: powershell.exe, 00000010.00000002.1954641408.000002253E5B0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029 |
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_see |
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://urn.to/r/sds_seeaCould |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: tmpBC62.tmp.dat.18.dr, tmpBCA4.tmp.dat.18.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com; |
Source: wscript.exe, 00000000.00000003.1420543932.0000022664EBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1423394983.0000022664EC1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1421492546.0000022664E05000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com |
Source: places.raw.18.dr |
String found in binary or memory: https://www.mozilla.org |
Source: places.raw.18.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP |
Source: places.raw.18.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW |
Source: MSBuild.exe, 00000012.00000002.2530205557.00000000042AB000.00000004.00000800.00020000.00000000.sdmp, tmp31E6.tmp.dat.18.dr, places.raw.18.dr |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d |
Source: places.raw.18.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: MSBuild.exe, 00000012.00000002.2530205557.00000000042AB000.00000004.00000800.00020000.00000000.sdmp, tmp31E6.tmp.dat.18.dr, places.raw.18.dr |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: MSBuild.exe, 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: 18.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 18.2.MSBuild.exe.6c30000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen |
Source: 18.2.MSBuild.exe.6c30000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen |
Source: 18.2.MSBuild.exe.71f0000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 18.2.MSBuild.exe.71f0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 00000012.00000002.2491457126.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000012.00000002.2549068549.0000000006C30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen |
Source: 00000012.00000002.2549242088.00000000071F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 7536, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |