Source: |
Binary string: \??\C:\Windows\System.ServiceModel.pdb source: bac4j0DRRb.exe, 00000000.00000002.3289204149.000000000097A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: bac4j0DRRb.exe, 00000000.00000002.3289204149.000000000097A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ServiceModel.pdb source: bac4j0DRRb.exe, 00000000.00000002.3289204149.0000000000942000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: bac4j0DRRb.exe, 00000000.00000002.3289204149.000000000097A000.00000004.00000020.00020000.00000000.sdmp |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49704 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49707 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49706 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49708 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49713 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49705 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49742 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49752 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49727 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49775 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49763 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49787 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49823 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49811 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49834 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49797 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49847 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49860 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49872 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49897 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49883 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49912 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49923 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49938 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49961 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49999 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50007 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49950 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49974 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49987 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50011 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50016 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50017 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50020 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50010 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50021 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50012 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50018 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50009 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50022 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50023 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50019 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50014 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50024 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50015 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50008 -> 18.141.10.107:80 |
Source: Network traffic |
Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:50013 -> 18.141.10.107:80 |
Source: global traffic |
HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: ierinapu.xyzContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: ierinapu.xyzContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000296D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000297D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ierinapu.xyz |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ierinapu.xyz/ |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ierinapu.xyz:80/ |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029F5000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000294C000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A51000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000299D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002ABC000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000298D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000291E000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000296D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002916000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000293F000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000297D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002909000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029DB000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029F5000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000294C000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A51000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000299D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002ABC000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000298D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000291E000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000296D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002916000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000293F000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A15000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002A05000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.000000000297D000.00000004.00000800.00020000.00000000.sdmp, bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/ |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002916000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/0t |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/ |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.00000000029AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetArguments |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsLRjq |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsResponse |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002909000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsT |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesLRjq |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/VerifyScanRequestLRjq( |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/VerifyScanRequestResponse |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateLRjq |
Source: bac4j0DRRb.exe, 00000000.00000002.3289675118.0000000002871000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse |
Source: bac4j0DRRb.exe |
String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE% |
Source: bac4j0DRRb.exe |
String found in binary or memory: https://api.ipify.org |
Source: bac4j0DRRb.exe |
String found in binary or memory: https://icanhazip.com5https://wtfismyip.com/textChttp://bot.whatismyipaddress.com/3http://checkip.dy |
Source: bac4j0DRRb.exe |
String found in binary or memory: https://ipinfo.io/ip%appdata% |
Source: bac4j0DRRb.exe, type: SAMPLE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown |
Source: bac4j0DRRb.exe, type: SAMPLE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 0.0.bac4j0DRRb.exe.450000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown |
Source: 0.0.bac4j0DRRb.exe.450000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000000.00000000.2027367969.0000000000452000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown |
Source: Process Memory Space: bac4j0DRRb.exe PID: 4028, type: MEMORYSTR |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown |
Source: bac4j0DRRb.exe, 00000000.00000002.3289204149.000000000090E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs bac4j0DRRb.exe |
Source: bac4j0DRRb.exe, 00000000.00000000.2027386663.000000000046A000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameHetaerist.exe4 vs bac4j0DRRb.exe |
Source: bac4j0DRRb.exe |
Binary or memory string: OriginalFilenameHetaerist.exe4 vs bac4j0DRRb.exe |
Source: bac4j0DRRb.exe, type: SAMPLE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
Source: bac4j0DRRb.exe, type: SAMPLE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 0.0.bac4j0DRRb.exe.450000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
Source: 0.0.bac4j0DRRb.exe.450000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000000.00000000.2027367969.0000000000452000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
Source: Process Memory Space: bac4j0DRRb.exe PID: 4028, type: MEMORYSTR |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Queries volume information: C:\Users\user\Desktop\bac4j0DRRb.exe VolumeInformation |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: C:\Users\user\Desktop\bac4j0DRRb.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation |
Source: Yara match |
File source: bac4j0DRRb.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.bac4j0DRRb.exe.450000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.2027367969.0000000000452000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: bac4j0DRRb.exe PID: 4028, type: MEMORYSTR |