Windows Analysis Report
a1K847qsM0.exe

Overview

General Information

Sample name: a1K847qsM0.exe
renamed because original name is a hash value
Original sample name: 55e2016fcb659bdf0f46a24ef2876609.exe
Analysis ID: 1580216
MD5: 55e2016fcb659bdf0f46a24ef2876609
SHA1: 5afb69f26ddf1884372643a2b00d16a481fc7c26
SHA256: 3825fe6fd9e8754b3d4a374b8c73884647c6898d5e1220a0fe89b1a3dc8e35c4
Tags: exe, njrat, RAT, user-abuse_ch

Detection

Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to disable the Task Manager (.Net Source)
Contains functionality to spread to USB devices (.Net source)
Disables zone checking for all users
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Name: NjRAT
Description: RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
Attribution:
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

AV Detection

Source: a1K847qsM0.exe Avira: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Notepad.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Program Files (x86)\Explower.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Local\Temp\server.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack Malware Configuration Extractor: Njrat {"Campaign ID": "Owned", "Version": "0.7d", "Install Name": "24983f03fb74576bbc5af6aa1085b23d", "Install Dir": "system", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Network Seprator": "|'|'|"}
Source: C:\Notepad.exe ReversingLabs: Detection: 86%
Source: C:\Notepad.exe Virustotal: Detection: 78%
Source: C:\Program Files (x86)\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Program Files (x86)\Explower.exe Virustotal: Detection: 78%
Source: C:\Users\user\AppData\Local\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Explower.exe Virustotal: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe Virustotal: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\server.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\Desktop\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\Documents\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Users\user\Favorites\Explower.exe ReversingLabs: Detection: 86%
Source: C:\Windows\SysWOW64\Explower.exe ReversingLabs: Detection: 86%
Source: a1K847qsM0.exe ReversingLabs: Detection: 86%
Source: a1K847qsM0.exe Virustotal: Detection: 78%
Source: Yara match File source: a1K847qsM0.exe, type: SAMPLE
Source: Yara match File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
Source: Yara match File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
Source: Yara match File source: C:\Notepad.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Joe Sandbox ML: detected
Source: C:\Notepad.exe Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Explower.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\server.exe Joe Sandbox ML: detected
Source: a1K847qsM0.exe Joe Sandbox ML: detected
Source: a1K847qsM0.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\a1K847qsM0.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: a1K847qsM0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Spreading

Source: a1K847qsM0.exe, Usb1.cs .Net Code: infect
Source: server.exe.0.dr, Usb1.cs .Net Code: infect
Source: Explower.exe.2.dr, Usb1.cs .Net Code: infect
Source: Explower.exe0.2.dr, Usb1.cs .Net Code: infect
Source: Explower.exe1.2.dr, Usb1.cs .Net Code: infect
Source: Explower.exe2.2.dr, Usb1.cs .Net Code: infect
Source: Explower.exe3.2.dr, Usb1.cs .Net Code: infect
Source: Explower.exe4.2.dr, Usb1.cs .Net Code: infect
Source: Notepad.exe.2.dr, Usb1.cs .Net Code: infect
Source: Explower.exe5.2.dr, Usb1.cs .Net Code: infect
Source: Microsoft Corporation.exe.2.dr, Usb1.cs .Net Code: infect
Source: a1K847qsM0.exe, 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \autorun.inf
Source: a1K847qsM0.exe, 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [autorun]
Source: a1K847qsM0.exe, 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: autorun.inf
Source: a1K847qsM0.exe, 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: \autorun.inf
Source: a1K847qsM0.exe, 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: [autorun]
Source: a1K847qsM0.exe, 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: autorun.inf
Source: a1K847qsM0.exe Binary or memory string: \autorun.inf
Source: a1K847qsM0.exe Binary or memory string: [autorun]
Source: a1K847qsM0.exe Binary or memory string: autorun.inf
Source: 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr Binary or memory string: \autorun.inf
Source: 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr Binary or memory string: [autorun]
Source: 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr Binary or memory string: autorun.inf
Source: Notepad.exe.2.dr Binary or memory string: \autorun.inf
Source: Notepad.exe.2.dr Binary or memory string: [autorun]
Source: Notepad.exe.2.dr Binary or memory string: autorun.inf
Source: Explower.exe7.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe7.2.dr Binary or memory string: [autorun]
Source: Explower.exe7.2.dr Binary or memory string: autorun.inf
Source: Explower.exe2.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe2.2.dr Binary or memory string: [autorun]
Source: Explower.exe2.2.dr Binary or memory string: autorun.inf
Source: Explower.exe5.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe5.2.dr Binary or memory string: [autorun]
Source: Explower.exe5.2.dr Binary or memory string: autorun.inf
Source: Microsoft Corporation.exe.2.dr Binary or memory string: \autorun.inf
Source: Microsoft Corporation.exe.2.dr Binary or memory string: [autorun]
Source: Microsoft Corporation.exe.2.dr Binary or memory string: autorun.inf
Source: Explower.exe4.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe4.2.dr Binary or memory string: [autorun]
Source: Explower.exe4.2.dr Binary or memory string: autorun.inf
Source: Explower.exe0.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe0.2.dr Binary or memory string: [autorun]
Source: Explower.exe0.2.dr Binary or memory string: autorun.inf
Source: Explower.exe8.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe8.2.dr Binary or memory string: [autorun]
Source: Explower.exe8.2.dr Binary or memory string: autorun.inf
Source: server.exe.0.dr Binary or memory string: \autorun.inf
Source: server.exe.0.dr Binary or memory string: [autorun]
Source: server.exe.0.dr Binary or memory string: autorun.inf
Source: Explower.exe1.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe1.2.dr Binary or memory string: [autorun]
Source: Explower.exe1.2.dr Binary or memory string: autorun.inf
Source: Explower.exe.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe.2.dr Binary or memory string: [autorun]
Source: Explower.exe.2.dr Binary or memory string: autorun.inf
Source: Explower.exe3.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe3.2.dr Binary or memory string: [autorun]
Source: Explower.exe3.2.dr Binary or memory string: autorun.inf
Source: Explower.exe6.2.dr Binary or memory string: \autorun.inf
Source: Explower.exe6.2.dr Binary or memory string: [autorun]
Source: Explower.exe6.2.dr Binary or memory string: autorun.inf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

Networking

Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49705 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49705 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49746 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49752 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49752 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49763 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49763 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49769 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49769 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49780 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49780 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49786 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49786 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49797 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49797 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49809 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49809 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49803 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49803 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49821 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49821 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49838 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49838 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49809 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49827 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49827 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49844 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49844 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49850 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49850 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49855 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49855 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49864 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49864 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49872 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49872 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49884 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49884 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49890 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49890 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49896 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49896 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49902 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49902 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49878 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49878 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49908 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49908 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49911 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49911 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49915 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49915 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49921 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49921 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49927 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49927 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49932 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49932 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49935 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49935 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49940 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49940 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49945 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49945 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49948 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49948 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49959 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49959 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49967 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49967 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49961 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49973 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49961 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49973 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49954 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49954 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49974 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49974 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49980 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49980 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49993 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49987 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49993 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49987 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49986 -> 167.71.56.116:22342
Source: Network traffic Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49993 -> 167.71.56.116:22342
Source: global traffic TCP traffic: 192.168.2.5:49704 -> 167.71.56.116:22342
Source: Joe Sandbox View IP Address: 167.71.56.116
Source: Joe Sandbox View ASN Name: DIGITALOCEAN-ASNUS
Source: unknown TCP traffic detected without corresponding DNS query: 167.71.56.116
Source: C:\Users\user\Desktop\a1K847qsM0.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\server.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Window created: window name: CLIPBRDWNDCLASS

E-Banking Fraud

Source: Yara match File source: a1K847qsM0.exe, type: SAMPLE
Source: Yara match File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
Source: Yara match File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
Source: Yara match File source: C:\Notepad.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED

System Summary

Source: a1K847qsM0.exe, type: SAMPLE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Notepad.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Notepad.exe, type: DROPPED Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Notepad.exe, type: DROPPED Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: C:\Notepad.exe, type: DROPPED Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Notepad.exe, type: DROPPED Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: Detects njRAT based on some strings Author: Sekoia.io
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\server.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008FBDCA NtQuerySystemInformation, 2_2_008FBDCA
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008FBD99 NtQuerySystemInformation, 2_2_008FBD99
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Windows\SysWOW64\Explower.exe
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F26E7 0_2_013F26E7
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4298 0_2_018E4298
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E470F 0_2_018E470F
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E499D 0_2_018E499D
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4936 0_2_018E4936
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4630 0_2_018E4630
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4544 0_2_018E4544
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4B5B 0_2_018E4B5B
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E47D4 0_2_018E47D4
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4269 0_2_018E4269
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E49F9 0_2_018E49F9
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E44F1 0_2_018E44F1
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4C8F 0_2_018E4C8F
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E5000 0_2_018E5000
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4F9D 0_2_018E4F9D
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E4F2F 0_2_018E4F2F
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E505D 0_2_018E505D
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E5459 0_2_018E5459
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E536F 0_2_018E536F
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_018E50E3 0_2_018E50E3
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F26E7 2_2_008F26E7
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4298 2_2_048C4298
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C7418 2_2_048C7418
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C499D 2_2_048C499D
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C47D4 2_2_048C47D4
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C73FE 2_2_048C73FE
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C49F9 2_2_048C49F9
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C44F1 2_2_048C44F1
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C470F 2_2_048C470F
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4936 2_2_048C4936
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4630 2_2_048C4630
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4544 2_2_048C4544
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4B5B 2_2_048C4B5B
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4269 2_2_048C4269
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4C8F 2_2_048C4C8F
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4F9D 2_2_048C4F9D
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C50E3 2_2_048C50E3
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C5000 2_2_048C5000
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C4F2F 2_2_048C4F2F
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C505D 2_2_048C505D
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C5459 2_2_048C5459
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_048C536F 2_2_048C536F
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012226E7 13_2_012226E7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013126E7 14_2_013126E7
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A26E7 15_2_015A26E7
Source: a1K847qsM0.exe, 00000000.00000002.2089394653.000000000145E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemscorwks.dllT vs a1K847qsM0.exe
Source: a1K847qsM0.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: a1K847qsM0.exe, type: SAMPLE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Program Files (x86)\Explower.exe, type: DROPPED Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Notepad.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Notepad.exe, type: DROPPED Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Notepad.exe, type: DROPPED Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: C:\Notepad.exe, type: DROPPED Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Notepad.exe, type: DROPPED Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: classification engine Classification label: mal100.spre.phis.troj.adwa.evad.winEXE@16/22@0/1
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008FBC4E AdjustTokenPrivileges, 2_2_008FBC4E
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008FBC17 AdjustTokenPrivileges, 2_2_008FBC17
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Program Files (x86)\Explower.exe
Source: C:\Users\user\Desktop\a1K847qsM0.exe File created: C:\Users\user\AppData\Roaming\app
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\server.exe Mutant created: \Sessions\1\BaseNamedObjects\24983f03fb74576bbc5af6aa1085b23d
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\server.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1576:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6396:120:WilError_03
Source: C:\Users\user\Desktop\a1K847qsM0.exe File created: C:\Users\user\AppData\Local\Temp\FransescoPast.txt
Source: a1K847qsM0.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: a1K847qsM0.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\a1K847qsM0.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\a1K847qsM0.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: a1K847qsM0.exe ReversingLabs: Detection: 86%
Source: a1K847qsM0.exe Virustotal: Detection: 78%
Source: C:\Users\user\Desktop\a1K847qsM0.exe File read: C:\Users\user\Desktop\a1K847qsM0.exe
Source: unknown Process created: C:\Users\user\Desktop\a1K847qsM0.exe "C:\Users\user\Desktop\a1K847qsM0.exe"
Source: C:\Users\user\Desktop\a1K847qsM0.exe Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe"
Source: C:\Users\user\AppData\Local\Temp\server.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\server.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall delete allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe"
Source: C:\Users\user\AppData\Local\Temp\server.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe"
Source: C:\Users\user\Desktop\a1K847qsM0.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, edputil.dll, shfolder.dll, propsys.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\server.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, edputil.dll, shfolder.dll, ntmarta.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, sspicli.dll, wbemcomn.dll, amsi.dll, userenv.dll
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, fwpuclnt.dll, rasman.dll, mfc42u.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll, dhcpcmonitor.dll, dot3cfg.dll, dot3api.dll, onex.dll, eappcfg.dll, ncrypt.dll, eappprxy.dll, ntasn1.dll, fwcfg.dll, hnetmon.dll, netshell.dll, nlaapi.dll, netsetupapi.dll, netiohlp.dll, dhcpcsvc.dll, winnsi.dll, nshhttp.dll, httpapi.dll, nshipsec.dll, userenv.dll, activeds.dll, polstore.dll, winipsec.dll, adsldpc.dll, nshwfp.dll, cabinet.dll, p2pnetsh.dll, p2p.dll, profapi.dll, cryptbase.dll, rpcnsh.dll, whhelper.dll, winhttp.dll, wlancfg.dll, cryptsp.dll, wlanapi.dll, wshelper.dll, wevtapi.dll, mswsock.dll, peerdistsh.dll, uxtheme.dll, wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mobilenetworking.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ktmw32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprmsg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ifmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasmontr.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mfc42u.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: authfwcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcmonitor.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dot3cfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dot3api.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: onex.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: eappprxy.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: fwcfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: hnetmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netshell.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netsetupapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netiohlp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: httpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshipsec.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: activeds.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: polstore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winipsec.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: adsldpc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: nshwfp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2pnetsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: p2p.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rpcnsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: whhelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlancfg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wshelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wevtapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: peerdistsh.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wcmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mobilenetworking.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ktmw32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mprmsg.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\server.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\a1K847qsM0.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll Jump to behavior
Source: a1K847qsM0.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\a1K847qsM0.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll Jump to behavior
Source: a1K847qsM0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: a1K847qsM0.exe, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: server.exe.0.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe0.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe1.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe2.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe3.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe4.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Notepad.exe.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Explower.exe5.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: Microsoft Corporation.exe.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F28F7 push eax; iretd 0_2_013F290E
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F26E7 push edi; iretd 0_2_013F2866
Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F27CB push edi; iretd 0_2_013F2866
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F27CB push edi; iretd 2_2_008F2866
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F2F5C push eax; iretd 2_2_008F2F5E
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F30AD push edi; iretd 2_2_008F30AE
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F2EAB push edi; iretd 2_2_008F2ECE
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F26E7 push edi; iretd 2_2_008F2866
Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F2F23 push eax; iretd 2_2_008F2F2E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012226E7 push edi; iretd 13_2_01222866
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012228F7 push eax; iretd 13_2_0122290E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012227CB push edi; iretd 13_2_01222866
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013128F7 push eax; iretd 14_2_0131290E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013126E7 push edi; iretd 14_2_01312866
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013127CB push edi; iretd 14_2_01312866
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A27CB push edi; iretd 15_2_015A2866
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A28F7 push eax; iretd 15_2_015A290E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A26E7 push edi; iretd 15_2_015A2866

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\Documents\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\Desktop\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Notepad.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Windows\SysWOW64\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Program Files (x86)\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Explower.exe Jump to dropped file
Source: C:\Users\user\Desktop\a1K847qsM0.exe File created: C:\Users\user\AppData\Local\Temp\server.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\Favorites\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Jump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Jump to behavior
Source: C:\Users\user\Desktop\a1K847qsM0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\server.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a1K847qsM0.exe Memory allocated: 16B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\a1K847qsM0.exe Memory allocated: 3450000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\a1K847qsM0.exe Memory allocated: 1A10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: BB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 26E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 46E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 56A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 66A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 6910000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 4D20000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 7910000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Memory allocated: 2C30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Memory allocated: 3280000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Memory allocated: 5280000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Memory allocated: 16E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Memory allocated: 32F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Memory allocated: 52F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Memory allocated: 1860000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Memory allocated: 34D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Memory allocated: 54D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_05680006 sldt word ptr [eax] 15_2_05680006
Source: C:\Users\user\Desktop\a1K847qsM0.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\server.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: threadDelayed 898
Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: threadDelayed 1140
Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: threadDelayed 3632
Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: foregroundWindowGot 672
Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: foregroundWindowGot 687
Source: C:\Users\user\Desktop\a1K847qsM0.exe TID: 6128 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 2316 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 4980 Thread sleep time: -1140000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 4980 Thread sleep time: -3632000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe TID: 6204 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe TID: 5568 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe TID: 5364 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe TID: 4072 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: server.exe, 00000002.00000002.4533296745.00000000006F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW <add nam
Source: server.exe, 00000002.00000002.4533296745.00000000006F7000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000003.00000003.2124388933.0000000003211000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000006.00000003.2153394359.00000000031F1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: netsh.exe, 00000005.00000003.2134957244.0000000003131000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: C:\Users\user\AppData\Local\Temp\server.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\server.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\a1K847qsM0.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\a1K847qsM0.exe Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe"
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:06:58 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 08:15:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 14:47:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 14:50:39 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 02:50:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 18:01:56 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:37:33 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:10:31 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 03:42:39 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 03:26:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 18:11:15 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 17:43:01 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 05:37:40 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 12:32:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 03:01:21 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 07:59:56 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 22:06:51 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:04:29 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 13:56:28 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/02 | 23:58:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 06:55:40 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 12:22:12 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 17:22:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 12:12:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 02:25:30 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 18:00:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 21:21:38 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 08:25:12 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 02:33:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 09:34:46 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:59:41 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 16:09:31 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:17:36 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:44:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:22:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 01:40:17 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 11:35:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 20:56:23 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/11 | 13:46:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 18:40:16 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 12:26:09 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 15:42:07 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 14:03:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 05:36:10 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 13:22:41 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 03:18:57 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 22:48:23 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 11:14:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 08:58:55 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 16:56:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 17:06:46 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 01:41:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:06:25 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:58:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:58:57 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 03:25:23 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/02 | 23:51:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 15:02:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/09 | 10:13:25 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:57:22 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/11 | 13:57:00 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 10:51:10 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 03:46:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 15:39:00 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:22:50 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:07:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 01:51:43 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 05:07:14 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:49:52 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:59:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:28:59 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 11:40:13 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 21:07:02 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:28:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 04:20:14 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:29:16 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 17:04:41 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 18:21:52 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 10:22:14 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 20:34:45 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:19:57 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 01:55:14 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 11:50:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 08:08:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 04:16:50 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:20:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 18:03:30 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 03:32:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:29:55 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 04:30:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/23 | 21:42:33 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 16:49:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 20:18:38 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 08:10:39 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:00:39 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 04:35:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:06:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 14:33:51 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 13:36:24 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:02:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/09 | 09:33:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:23:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:20:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 00:42:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:33:01 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:59:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 11:08:36 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 02:20:16 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 18:50:20 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 15:12:44 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 02:24:00 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:47:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 15:22:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 05:53:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:20:31 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 10:31:55 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 11:39:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 02:34:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:32:24 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:26:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 15:29:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 08:59:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:05:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 01:42:01 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 22:41:22 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 16:27:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 01:37:20 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:38:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 13:30:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 20:46:01 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 10:02:59 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 04:31:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 04:48:39 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 09:59:18 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 10:12:18 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 04:21:44 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 08:51:54 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/09 | 09:27:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 14:25:19 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 05:29:08 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 06:24:20 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 22:25:15 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 09:24:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:46:45 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 05:43:52 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 12:34:31 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 06:02:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 01:16:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:45:08 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 13:31:46 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 03:59:23 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 00:58:25 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:00:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/11 | 13:45:57 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:35:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:10:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:10:09 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/26 | 22:14:36 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 04:50:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 05:45:15 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:13:02 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:17:51 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 13:25:08 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 16:14:12 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 04:40:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 15:33:02 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/02 | 23:21:20 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 15:54:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:18:27 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 17:12:57 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 19:17:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:53:52 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 13:27:58 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/23 | 21:43:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 10:11:25 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:01:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/09 | 09:05:27 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 16:07:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 05:34:10 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:09:02 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 08:12:39 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 04:38:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 04:35:14 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 09:45:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/09 | 08:34:54 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 15:54:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 14:51:40 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:03:28 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 03:16:57 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 18:45:02 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:11:22 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:11:06 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:46:29 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:56:41 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 16:43:56 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 14:04:40 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 03:14:34 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 16:02:30 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 16:50:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 21:38:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 04:01:50 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 16:26:56 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 00:29:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 21:56:52 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 15:28:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 03:11:06 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 06:15:55 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:14:17 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 18:29:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:07:34 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:48:50 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 01:54:21 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 03:30:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 03:20:45 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 11:40:50 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 04:41:38 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 13:10:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 11:57:49 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 08:18:31 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 01:41:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:29:45 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:59:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 04:55:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 01:51:06 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 03:44:10 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:59:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 17:21:23 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:23:59 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 06:55:40 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 16:40:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 11:30:54 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 13:13:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 23:13:25 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:26:51 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 01:36:16 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 16:13:17 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 16:43:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:35:27 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 17:46:50 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 09:39:24 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:45:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 18:21:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 09:31:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:14:40 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 10:30:25 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 00:32:13 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:24:38 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/11 | 14:19:44 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 19:08:00 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 04:57:42 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 08:53:01 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 20:25:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 04:45:33 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/07 | 01:04:03 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 19:26:22 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:03:31 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 15:13:29 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 14:59:16 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 18:40:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 01:05:09 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 15:38:09 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 05:40:37 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 20:39:36 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:24:35 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 15:31:08 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/24 | 17:40:05 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 10:45:22 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 07:10:46 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 16:58:30 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 04:18:11 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 00:21:24 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:02:13 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 16:34:51 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 05:26:15 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/02 | 23:56:27 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 05:51:26 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 12:22:12 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 13:59:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 23:57:44 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 16:16:21 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 20:11:37 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 08:00:04 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/11 | 14:53:22 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 04:47:09 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 08:33:47 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:21:59 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:31:18 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 02:41:00 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 23:18:29 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:19:32 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/05 | 22:22:21 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/29 | 07:25:43 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 02:03:15 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 09:00:10 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 17:55:20 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 02:29:17 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 01:21:53 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 10:15:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 05:56:41 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 15:01:18 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 14:52:15 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/03 | 07:05:28 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/06 | 12:31:17 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 25/01/11 | 14:21:48 - Program Manager
Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 24/12/31 | 14:42:56 - Program Manager
Source: a1K847qsM0.exe, 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr, Notepad.exe.2.dr, Explower.exe7.2.dr, Explower.exe2.2.dr, Explower.exe5.2.dr, Microsoft Corporation.exe.2.dr, Explower.exe4.2.dr, Explower.exe0.2.dr, Explower.exe8.2.dr, server.exe.0.dr Binary or memory string: Shell_traywnd+MostrarBarraDeTarefas
Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\server.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: a1K847qsM0.exe, Fransesco.cs .Net Code: INS
Source: server.exe.0.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe.2.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe0.2.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe1.2.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe2.2.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe3.2.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe4.2.dr, Fransesco.cs .Net Code: INS
Source: Notepad.exe.2.dr, Fransesco.cs .Net Code: INS
Source: Explower.exe5.2.dr, Fransesco.cs .Net Code: INS
Source: Microsoft Corporation.exe.2.dr, Fransesco.cs .Net Code: INS
Source: C:\Users\user\AppData\Local\Temp\server.exe Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS
Source: C:\Users\user\AppData\Local\Temp\server.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE

Stealing of Sensitive Information

Source: Yara match File source: a1K847qsM0.exe, type: SAMPLE
Source: Yara match File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
Source: Yara match File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
Source: Yara match File source: C:\Notepad.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED

Remote Access Functionality

Source: Yara match File source: a1K847qsM0.exe, type: SAMPLE
Source: Yara match File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
Source: Yara match File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
Source: Yara match File source: C:\Notepad.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED