Windows Analysis Report
SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe

Overview

General Information

Sample name: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe
Analysis ID: 1467826
MD5: 56d222d5febef9fb176df8c79d28c8ae
SHA1: e1e949d891ddb4039a7034eade86beaefc531d9e
SHA256: d1f800693df281cd68144d531f598c40b71b36138f4cc2655abdbf8d2990e92b
Tags: exe
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly
Creates a process in suspended mode (likely to inject code)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device

Classification

AV Detection

Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe ReversingLabs: Detection: 28%
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: certificate valid
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl.ngrok-agent.com/ngrok.crlURL
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl.ngrok.com/ngrok.crl227373675443232059478759765625reflect:
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://fsf.org/
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://jedwatson.github.io/classnames
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://mattn.mit-license.org/2013
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://www.apache.org/licenses/
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://www.eslinstructor.net/vkbeautify/
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://api.ngrok.comunsupported
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://dashboard.ngrok.com/api.
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://dashboard.ngrok.com/api/keys)
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://dashboard.ngrok.com/billing/subscription
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://dns.google.com/resolve?/tunnel_sessions/
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://getbootstrap.com/)
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://github.com/golang/protobuf/issues/1609):
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://github.com/spf13/cobra/issues/1279
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://github.com/spf13/cobra/issues/1508
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://instrumentation-telemetry-intake.datadoghq.com/api/v2/apmtelemetryAddAttrs
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok....Certificate
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/docs/api#authentication).
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains).Integer
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/docs/cloud-edge/endpoints#private-keys).A
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/docs/cloud-edge/modules/webhook-verification
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/docs/cloud-edge/modules/webhook-verification)the
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe, 00000003.00000002.2149736880.000000C0002A2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe, 00000003.00000002.2151794288.000000C000572000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ngrok.com/docs/errors/err_ngrok_8012
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/docs/errorsfailed
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/tos
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://ngrok.com/tosAuto
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-K3RD62G
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe, 00000000.00000002.3374827412.000000C0000C0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe, 00000003.00000002.2151794288.000000C000572000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.ngrok.com
Source: classification engine Classification label: mal52.winEXE@6/2@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6708:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe File opened: C:\Windows\system32\488530dd4d2e1092c100b934007345f38fd3879c54eb049acdd9f4532318855fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Jump to behavior
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: Run '%v --help' for usage.
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: runtime: bad notifyList size - sync=accessed data from freed user arena runtime: wrong goroutine in newstackruntime: invalid pc-encoded table f=accessing a corrupted shared libraryTime.UnmarshalBinary: invalid lengthstrings.Builder.Grow: negative countstrings: Join output length overflowbytes: Repeat output length overflowbytes.Reader.ReadAt: negative offsetbytes.Reader.Seek: negative positionexceeded maximum template depth (%v)%s is not a method but has argumentswrong number of args: got %d want %dinternal error: associate not commonconnect.us-cal-1.ngrok-agent.com:443connect.eu-lon-1.ngrok-agent.com:443can't apply '%T' to %s configurationauto update is enabled, apply updatehttp: no Location header in responsehttp: unexpected EOF reading trailerhttp: invalid byte %q in Cookie.Path LastStreamID=%v ErrCode=%v Debug=%qhttp2: server rejecting conn: %v, %sHeader called after Handler finishedRoundTrip retrying after failure: %vJanFebMarAprMayJunJulAugSepOctNovDecno acceptable authentication methodsGet the details of an API key by ID.Delete an application session by ID.Get the details of a Bot User by ID.raw PEM of the Certificate Authoritymodule.provider.github.client-secretmodule.provider.github.email-domainsmodule.provider.github.organizationsmodule.provider.google.client-secretmodule.provider.google.email-domainsmodule.provider.gitlab.client-secretmodule.provider.gitlab.email-domainsmodule.provider.twitch.client-secretmodule.provider.twitch.email-domainsmodule.provider.amazon.client-secretmodule.provider.amazon.email-domainsmutual-tls.certificate-authority-idsThe ID portion of an AWS access key.target.cloudwatch-logs.log-group-arnService name to send with the event.List all IP policies on this accountexpected an ECDSA public key, got %TTLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHAtls: keys must have at least one keyunsupported SSLv2 handshake 
receivedtls: server did not send a key sharejson: encoding error for type %q: %qAPIInvalidCertificateAuthorityIDCodeAPIInvalidEventDestinationFormatCodeAPIInvalidEventDestinationTargetCodeBindAgentRequestHeaderAddInvalidCodeBindAgentHeaderKeyLengthExceededCodeBindAgentHeaderValLengthExceededCodeBindLabeledTunnelACLNotSupportedCodeReservedDomainNonLeadingWildcardCodeReservedDomainGaugeLimitExceededCodeReservedDomainNameDomainConflictCodeReservedAddressRateLimitExceededCodeMuxHTTPRequestsRateLimitExceededCodeBillingEmailAddressInvalidLengthCodeBillingAddressGaugeLimitExceededCodeEndpointConfigurationTypeInvalidCodeCertsInvalidDomainAlreadyManagedCodeCertsSSHUnsupportedPublicKeyTypeCodeCertsSSHUserCertNegativeDurationCodeCertsSSHHostCertNegativeDurationCodeMwCompileOAuthInvalidEmailDomainCodeMwPolicyInvalidActionConfigValueCodeMwPolicyHeaderValueLengthInvalidCodeMwPolicyCompressInvalidAlgorithmCodeMwPolicyInvalidIPPolicyReferenceCodeMwPolicyFieldNotUserConfigurableCodeMwRuntimeOAuthUserActionRequiredCodeEventDestinationDatadogAuthErrorCodeFederatedIdPOIDCPointcfgNotFoundCodeBackendMisma
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: http: putIdleConn: keep alives disabledinvalid HTTP header value for header %qusername/password authentication failedcertificate-management-policy.authorityList all API keys owned by this accountmodule.provider.microsoft.client-secretmodule.provider.microsoft.email-domainsoauth.provider.facebook.email-addressesoauth.provider.linkedin.email-addressesUpdate attributes of an IP policy by IDexec: environment variable contains NULtls: unsupported certificate curve (%s)TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256tls: internal error: wrong nonce lengthno mutually supported protocol versionschain is not signed by an acceptable CACredsCredentialMembershipIsInactiveCodeCredsCannotDeleteDefaultTunnelTokenCodeMuxIncomingTrafficRateLimitExceededCodeMuxOutgoingTrafficRateLimitExceededCodeMuxConnectionsPerMonthLimitExceededCodeSSHTunnelHostnameSubdomainExclusiveCodeEndpointConfigurationInvalidRequestCodeEndpointConfigurationOAuthEmptyTeamCodeEndpointConfigurationCADoesNotExistCodeEndpointConfigurationDescCharsLimitCodeEndpointConfigurationMetaCharsLimitCodeEndpointConfigurationMutualTLSNotCACodeCertsCertificateInsteadOfPrivateKeyCodeCertsPrivateKeyInsteadOfCertificateCodeCertsSSHCAEllipticCurveNotSupportedCodeMwCompileTLSInvalidHandshakeTimeoutCodeMwCompileUserSessionInvalidSameSiteCodeMwRuntimeOAuthUserResourceForbiddenCodeMwRuntimeJWTValidationPrefixMissingCodeEmailConfirmationsResendRateLimitedCodeEventDestinationInvalidARNPartitionCodeFederatedIdPOIDCTokenExchangeFailedCodeFederatedIdPOIDCConfigurationAbsentCodeFederatedIdPOAuthInvalidEmailDomainCodeBackendHTTPResponseHeaderKeyInvalidCodeMembershipsSetPermissionsDisallowedCodeMembershipsSetActiveDisallowedAdminCodeEdgeInvalidCircuitBreakerNumBucketsCodeEdgeOAuthInvalidPunycodeEmailDomainCodeEdgeSessionInactivityTimeoutTooHighCodeEdgeAccountNotAuthorizedCompressionC
odeEdgeJWTValidationHttpTokenDuplicateCodesession closed, starting reconnect loop/reserved_domains/{{ .ID }}/certificateassets/local/tls/trusted.root.local.crtassets/local/tls/trusted.root.stage.crtRtlDosPathNameToNtPathName_U_WithStatuscannot decode node with unknown kind %dunknown problem generating YAML contentcannot marshal invalid UTF-8 data as %scannot encode node with unknown kind %dfound an incorrect trailing UTF-8 octetdid not find expected hexdecimal numberx509: invalid subject alternative namesx509: invalid NameConstraints extensionx509: failed to parse URI constraint %qx509: unknown EC private key version %d because it doesn't contain any IP SANsx509: signing with MD5 is not supportedIPv4 field must have at least one digitmissing argument to repetition operatortrailing backslash at end of expressionextraneous or missing " in quoted-fieldcsv: invalid field or comment delimiterproxyproto: can't read version 1 headermartini handler must be a callable funcfailed to deserialize request parameterUnable to upgrade websocket request: %vCreating new client transport to %q:
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: Specified region is not in the known seterrors: target must be a non-nil pointer13877787807814456755295395851135253906256938893903907228377647697925567626953125ryuFtoaFixed32 called with negative precreflect: FieldByName of non-struct type reflect.Value.Call: call of nil functionreflect.Value.Call: wrong argument countattempted to copy pointer to FP registerMapIter.Key called on exhausted iteratorreflect.Value.SetBytes of non-byte slicereflect.Value.setRunes of non-rune sliceinvalid span in heapArena for user arenaruntime: typeBitsBulkBarrier with type bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsaddress family not supported by protocoltime: Stop called on uninitialized Timertimeout while trying to apply the updateTunnel declaration must contain a 'name'Policy is one of: 'always', 'only_minor'http2: timeout awaiting response headersFrame accessor called on non-owned Frameinternal error: expecting non-nil streamrequest header %q is not valid in HTTP/2http2: Transport encoding header %q = %qprotocol error: headers after END_STREAMwriteData(stream=%d, p=%d, endStream=%v)host contains '{' (missing initial '/'?)bad wildcard segment (must end with '}')backend to be used to back this endpointmodule.provider.facebook.email-addressesmodule.provider.linkedin.email-addresseshttps-edge-route-websocket-tcp-converteroauth.provider.microsoft.email-addressesList all active endpoints on the accountThe secret portion of an AWS access key.List this Account's Event 
Subscriptions.List all IP policy rules on this accountList all IP restrictions on this accountList all ssh credentials on this accountList all static backends on this accountclient doesn't support certificate curveoversized record received with length %dtls: received empty certificates messagetls: client didn't provide a certificateBindTunnelAnonymousRateLimitExceededCodeReservedDomainChallengeCNAMENotFoundCodeReservedDomainRegionChangeNotAllowedCodeReservedAddrInvalidConfigurationTypeCodeMuxHTTPRequestsPerMonthLimitExceededCodeTunnelV2OperationCommunicationFailedCodeMaintenanceSomeOperationsUnavailableCodeEndpointConfigurationOAuthEmptyGroupCodeIPRestrictionAccountNotAuthorizedAPICodeMwCompileBasicAuthRealmLengthInvalidCodeMwCompileHTTPHeaderNameLengthInvalidCodeMwCompileUserAgentFilterInvalidRegexCodeMwRuntimeOAuthUserMissingPermissionsCodeMwRuntimeOAuthProviderAPIUnavailableCodeMwRuntimeFederatedAuthCookieNotFoundCodeMwRuntimeJWTValidationTokenMalformedCodeMwRuntimeJWTValidationJWKSFetchErrorCodeAccountsTrafficFullCaptureDisallowedCodeInvitationsAdminPermissionDisallowedCode
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: Use: stop <id>tls: internal error: sending non-handshake message to QUIC transportEndpointConfigurationCircuitBreakerThresholdPercentageOutOfRangeCodeexpected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS, but got %vembedded IPv4 address must replace the final 2 fields of the addressinvalid retry throttling config: tokenRatio (%v) may not be negativeheap profile: *(\d+): *(\d+) *\[ *(\d+): *(\d+) *\] @ fragmentationz2695994666715063979466701508701963067355791626002630814351006629888126959946667150639794667015087019625940457807714424391721682722368061crypto/hmac: hash generation function does not produce unique valuesinvalid proto.Message(%T) type, expected a protoreflect.Message typebig: invalid 2nd argument to Int.Jacobi: need odd integer but got %sexpected a JSON struct with one entry; received entry %v at index %dChannelz: socket options are not supported on non-linux environmentscannot assign %v, needed to assign %d elements, but only assigned %dpq: Could not detect default username. Please provide one explicitlyinvalid descriptor: using edition features in a proto with syntax %sextension %v does not implement protoreflect.ExtensionTypeDescriptorYou must specify -config with the path to an ngrok configuration fileYou may not specify both 'region' and 'server_addr' at the same time.Connect timeout must be a positive time duration, e.g. '10s', '500ms'reflect: embedded interface with unexported method(s) not implementedhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)%s matches more methods than %s, but has a more specific path pattern%s matches fewer methods than %s, but has a more general path patternarbitrary user-defined data of this API key. 
optional, max 4096 bytesAdd an additional type for which this event subscription will triggertls: peer doesn't support the certificate custom signature algorithmstls: handshake message of length %d bytes exceeds maximum of %d bytestls: client certificate contains an unsupported public key of type %Ttoo many hex fields to fit an embedded IPv4 at the end of the addressNetPrefix IP had a length of %d where a length of 4 or 16 is requiredparam: error parsing key %q: unknown field %q on struct %q of type %vedwards25519: internal error: setShortBytes called with a long stringheap profile: *(\d+): *(\d+) *\[ *(\d+): *(\d+) *\] @ fragmentationz?path to TLS certificate authority to verify client certs in mutual tlsFile tunnel %s encountered an error validating directory path '%s': %vsync/atomic: compare and swap of inconsistently typed value into Valuebytes.Buffer: UnreadByte: previous operation was not a successful readinexhaustive case match in server command handler: unknown command %+vgot %s for stream %d; expected CONTINUATION following %s for stream %dAbuse Reports allow you to submit take-down requests for URLs hoste...invalid number of arguments: got %d, need at least %d
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: ngrok tcp --remote-addr=1.tcp.ngrok.io:27210 3389The time when this host certificate becomes invalid, in RFC 3339 format. If unspecified, a default value of 24 hours will be used. The OpenSSH certificates RFC calls this valid_before.
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: The add-server-addr command modifies your configuration file to include
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: the next backend in the list until one is successful.Updates a TCP Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.Updates a TLS Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.Updates an HTTPS Edge by ID. If a module is not specified in the update, it will not be modified. However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.Defines the name identifier format the SP expects the IdP to use in its assertions to identify subjects. If unspecified, a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent will be used. A subset of the allowed values enumerated by the SAML specification are supported.the list of principals included in the ssh user certificate. This is the list of usernames that the certificate holder may sign in as on a machine authorizing the signing certificate authority. Dangerously, if no principals are specified, this certificate may be used to log in as any user.A map of critical options included in the certificate. Only two critical options are currently defined by OpenSSH: force-command and source-address. See the OpenSSH certificate protocol spec (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys) for additional details.Updates an HTTPS Edge Route by ID. If a module is not specified in the update, it will not be modified. 
However, each module configuration that is specified will completely replace the existing value. There is no way to delete an existing module via this API, instead use the delete module API.If true, the IdP may initiate a login directly (e.g. the user does not need to visit the endpoint first and then be redirected). The IdP should set the RelayState parameter to the target URL of the resource they want the user to be redirected to after the SAML login assertion has been processed.API Keys are used to authenticate to the ngrok
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: -h, --help help for ngrok
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: Use "ngrok [command] --help" for more information about a command.
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: --remote-addr option. ngrok requires that you reserve a TCP tunnel
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: Use "{{.CommandPath}} [command] --help" for more information about a command.{{end}}
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: set -l directive (string sub --start 2 $__%[1]s_perform_completion_once_result[-1])
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: net/addrselect.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: github.com/pires/go-proxyproto@v0.7.0/addr_proto.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: google.golang.org/grpc@v1.63.0/internal/balancerload/load.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: go.ngrok.com/cmd/ngrok/config/load.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: go.ngrok.com/cmd/ngrok/config/load_common.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: go.ngrok.com/cmd/ngrok/config/load_no.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: go.ngrok.com/cmd/ngrok/config/load_v1.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: go.ngrok.com/cmd/ngrok/config/load_v2.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: go.ngrok.com/lib/web/manifest/loader.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: github.com/kentik/patricia@v1.2.0/address_v4.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: github.com/kentik/patricia@v1.2.0/address_v6.go
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe String found in binary or memory: golang.org/x/sys@v0.19.0/windows/svc/eventlog/install.go
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe "C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /K
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Section loaded: samlib.dll
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: certificate valid
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static file information: File size 29598952 > 1048576
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0xa55200
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1078600
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: section name: .xdata
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Static PE information: section name: .symtab
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Binary or memory string: X4xSOkS7vrOepX4JFNhqVdxut7pqEmuj1Xf7KhHtFquFM5fhLJHnWEJGWOTRbRVp
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe, 00000000.00000002.3380584783.0000024970EBC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe, 00000003.00000002.2152832899.0000021965FE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllXX
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.PUA.Tool.Ngrok.1.31677.21594.exe VolumeInformation
No contacted IP infos