Source: global traffic |
HTTP traffic detected: GET /raw/s4TipmJt HTTP/1.1Host: pastebin.comConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /raw/s4TipmJt HTTP/1.1Host: pastebin.com |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.46.162.224 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.118.8.139 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.68.123.157 |
Source: global traffic |
HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGPufzLEGIjDTt_akc_527nJ4zoGCbAZn0AkDcVIV2VLuAM78mz4Tuc4onQdlIzVDE6yNOrZBZH0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-04; NID=513=TDdb6B1qf0imS6sQ9UI386TSBmUeGbONEAs1g_SjFnFVZT8tlWjduo1BWv8tK_X2kdpw5DyqH6DyKssZClnoNAKybygsq-HKlTpEzxscqZJ_pjS1BKmEZAqlwshMLYfbeJHYWJdOjDcEir8XmubnkA88KvIUU07OLdpJjmvAUwk |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGPufzLEGIjDqkokB_Yx903z9S8-TdyWhW8iPlrZBrgRiiMPzrxlLxgoQH634QKXADTY9t1vdNmMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-02-04; NID=513=TDdb6B1qf0imS6sQ9UI386TSBmUeGbONEAs1g_SjFnFVZT8tlWjduo1BWv8tK_X2kdpw5DyqH6DyKssZClnoNAKybygsq-HKlTpEzxscqZJ_pjS1BKmEZAqlwshMLYfbeJHYWJdOjDcEir8XmubnkA88KvIUU07OLdpJjmvAUwk |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hBoxWr7ezrOa1ze&MD=M6HZe6PE HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hBoxWr7ezrOa1ze&MD=M6HZe6PE HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49817 -> 443 |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects a malicious Worm Andromeda / RETADUP Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects unknown malware sample with pastebin RAW URL Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects a malicious Worm Andromeda / RETADUP Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects unknown malware sample with pastebin RAW URL Author: Florian Roth |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RevengeRAT malware Author: Florian Roth |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects a malicious Worm Andromeda / RETADUP Author: Florian Roth |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects unknown malware sample with pastebin RAW URL Author: Florian Roth |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Andromeda_MalBot_Jun_1A date = 2017-06-30, hash4 = 42a02e6cf7c424c12f078fca21805de072842ec52a25ea87bd7d53e7feb536ed, hash3 = 66035cc81e811735beab573013950153749b02703eae58b90430646f6e3e3eb4, hash2 = 73cecc67bb12cf5a837af9fba15b7792a6f1a746b246b34f8ed251c4372f1a98, hash1 = 3c223bbf83ac2f91c79383a53ed15b0c8ffe2caa1bf52b26c17fd72278dc7ef9, author = Florian Roth, description = Detects a malicious Worm Andromeda / RETADUP, reference = http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Unknown_Malware_Sample_Jul17_2 date = 2017-08-01, hash1 = 3530d480db082af1823a7eb236203aca24dc3685f08c301466909f0794508a52, author = Florian Roth, description = Detects unknown malware sample with pastebin RAW URL, reference = https://goo.gl/iqH8CK, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Andromeda_MalBot_Jun_1A date = 2017-06-30, hash4 = 42a02e6cf7c424c12f078fca21805de072842ec52a25ea87bd7d53e7feb536ed, hash3 = 66035cc81e811735beab573013950153749b02703eae58b90430646f6e3e3eb4, hash2 = 73cecc67bb12cf5a837af9fba15b7792a6f1a746b246b34f8ed251c4372f1a98, hash1 = 3c223bbf83ac2f91c79383a53ed15b0c8ffe2caa1bf52b26c17fd72278dc7ef9, author = Florian Roth, description = Detects a malicious Worm Andromeda / RETADUP, reference = http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Unknown_Malware_Sample_Jul17_2 date = 2017-08-01, hash1 = 3530d480db082af1823a7eb236203aca24dc3685f08c301466909f0794508a52, author = Florian Roth, description = Detects unknown malware sample with pastebin RAW URL, reference = https://goo.gl/iqH8CK, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0.2.G1lnGpOLK4.exe.1390000.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: RevengeRAT_Sep17 date = 2017-09-04, hash3 = fe00c4f9c8439eea50b44f817f760d8107f81e2dba7f383009fde508ff4b8967, hash2 = 7c271484c11795876972aabeb277c7b3035f896c9e860a852d69737df6e14213, hash1 = 2a86a4b2dcf1657bcb2922e70fc787aa9b66ec1c26dc2119f669bd2ce3f2e94a, author = Florian Roth, description = Detects RevengeRAT malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Andromeda_MalBot_Jun_1A date = 2017-06-30, hash4 = 42a02e6cf7c424c12f078fca21805de072842ec52a25ea87bd7d53e7feb536ed, hash3 = 66035cc81e811735beab573013950153749b02703eae58b90430646f6e3e3eb4, hash2 = 73cecc67bb12cf5a837af9fba15b7792a6f1a746b246b34f8ed251c4372f1a98, hash1 = 3c223bbf83ac2f91c79383a53ed15b0c8ffe2caa1bf52b26c17fd72278dc7ef9, author = Florian Roth, description = Detects a malicious Worm Andromeda / RETADUP, reference = http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Unknown_Malware_Sample_Jul17_2 date = 2017-08-01, hash1 = 3530d480db082af1823a7eb236203aca24dc3685f08c301466909f0794508a52, author = Florian Roth, description = Detects unknown malware sample with pastebin RAW URL, reference = https://goo.gl/iqH8CK, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: unknown |
Process created: C:\Users\user\Desktop\G1lnGpOLK4.exe "C:\Users\user\Desktop\G1lnGpOLK4.exe" |
|
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2036,i,13697505174205213952,6185066048164698462,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true |
|
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c sc query windefend |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc query windefend |
|
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c sc stop windefend |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc stop windefend |
|
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c sc delete windefend |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc delete windefend |
|
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c sc query windefend |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c sc stop windefend |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c sc delete windefend |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2036,i,13697505174205213952,6185066048164698462,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableRealtimeMonitoring $true |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc query windefend |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc stop windefend |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\sc.exe sc delete windefend |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: security.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mpclient.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wmitomi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: mi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: miutils.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\G1lnGpOLK4.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Manager.3.16 |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managerrok.ioH |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managerrok.ioM |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp, G1lnGpOLK4.exe, 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, G1lnGpOLK4.exe, 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: Program Manager |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Manager b |
Source: G1lnGpOLK4.exe, 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, G1lnGpOLK4.exe, 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: Progman |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managero |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Manager0 |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managerm |
Source: G1lnGpOLK4.exe, 00000000.00000002.4074957187.00000000130AD000.00000004.00000800.00020000.00000000.sdmp, G1lnGpOLK4.exe, 00000000.00000002.4072762585.0000000001390000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: Shell_TrayWnd+set CDAudio door open/set CDAudio door closed |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managermk.ioe |
Source: G1lnGpOLK4.exe, 00000000.00000002.4072983013.000000000318B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Program Managerx |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managerrok.io| |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managero? |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Manager@ |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Manager`[ |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Managerrok.io |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program Manager| |
Source: G1lnGpOLK4.exe, 00000000.00000002.4071932100.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Program ManagerYQ |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |