Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:2047 -> 192.168.2.7:49706 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:2047 -> 192.168.2.7:49723 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49724 |
Source: Network traffic |
Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 85.209.133.150:6677 -> 192.168.2.7:49726 |
Source: Network traffic |
Suricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 85.209.133.150:6677 -> 192.168.2.7:49726 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49728 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:2047 -> 192.168.2.7:49722 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49727 |
Source: Network traffic |
Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.7:49726 -> 85.209.133.150:6677 |
Source: Network traffic |
Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.7:49726 -> 85.209.133.150:6677 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49738 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49741 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49732 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49743 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49740 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49746 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49751 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49742 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49733 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49756 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49758 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49736 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49753 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49749 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49748 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49760 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49750 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49739 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49759 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49752 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49747 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49734 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49737 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49755 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49745 |
Source: Network traffic |
Suricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.7:49726 -> 85.209.133.150:6677 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49744 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49735 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49754 |
Source: Network traffic |
Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 154.216.19.149:443 -> 192.168.2.7:49757 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.50.201.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.50.201.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.50.201.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.50.201.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.50.201.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.98.116.138 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 154.216.19.149 |
Source: SendBugReportNew.exe, 00000009.00000002.1404127146.0000000002D49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://c0rl.m%L |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s |
Source: file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# |
Source: file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404127146.0000000002D49000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0L |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.symcd.com06 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://s2.symcb.com0 |
Source: file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000000.1290343124.0000000000401000.00000020.00000001.01000000.00000005.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcd.com0& |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E23000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.00000000050BE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.info-zip.org/ |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: SendBugReportNew.exe, 00000009.00000002.1404127146.0000000002D49000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.vmware.com/0 |
Source: SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.vmware.com/0/ |
Source: OpenWith.exe, OpenWith.exe, 00000011.00000003.1505283509.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1677547052.000001F6663D7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1498738651.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1511247150.000001F6663E4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1495447075.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501372188.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1504313864.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1494409589.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1496020851.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1496455071.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1494693265.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://154.216.19.149:2047/888260cc6af8f/07djb4gj.jifud |
Source: OpenWith.exe, 0000000D.00000002.1394086131.00000000026EC000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://154.216.19.149:2047/888260cc6af8f/07djb4gj.jifud( |
Source: OpenWith.exe, 0000000D.00000003.1393605091.0000000004F54000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000D.00000003.1393605091.0000000004F58000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000D.00000002.1394825096.0000000004F59000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://154.216.19.149:2047/888260cc6af8f/07djb4gj.jifudkernelbasentdllkernel32GetProcessMitigationP |
Source: OpenWith.exe, 00000011.00000003.1545991978.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501094672.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1556366377.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1507797611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501856862.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1539955152.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1551283365.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1495610611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1544923206.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1557954411.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1541801059.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1502193124.000001F666877000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: OpenWith.exe, 00000011.00000003.1545991978.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501094672.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1556366377.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1507797611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501856862.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1539955152.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1551283365.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1495610611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1544923206.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1557954411.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1541801059.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1502193124.000001F666877000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: OpenWith.exe, 00000011.00000003.1545991978.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501094672.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1556366377.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1507797611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501856862.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1539955152.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1551283365.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1544923206.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1557954411.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1541801059.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1502193124.000001F666877000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.sea |
Source: OpenWith.exe, 00000011.00000003.1495610611.000001F666877000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: OpenWith.exe, 00000011.00000003.1545991978.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501094672.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1556366377.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1507797611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501856862.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1539955152.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1551283365.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1495610611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1544923206.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1557954411.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1541801059.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1502193124.000001F666877000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000007.00000003.1286758641.00000000028C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: OpenWith.exe, 00000011.00000003.1505283509.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91 |
Source: OpenWith.exe, 00000011.00000003.1504313864.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1502338268.000001F66667B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: OpenWith.exe, 00000011.00000003.1504313864.000001F6663DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201691ad-216 |
Source: SendBugReportNew.exe, 00000009.00000002.1404127146.0000000002D49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.digicert.c |
Source: file.exe, 00000007.00000003.1288778796.0000000002440000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000002.1404272161.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000E.00000002.1686907778.0000000005107000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: OpenWith.exe, 00000011.00000003.1545991978.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501094672.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1556366377.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1507797611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1501856862.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1539955152.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1551283365.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1495610611.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1544923206.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1557954411.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1541801059.000001F666877000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000011.00000003.1502193124.000001F666877000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: file.exe, 00000007.00000003.1288442437.00000000026C7000.00000004.00000020.00020000.00000000.sdmp, SendBugReportNew.exe, 00000009.00000000.1290343124.0000000000401000.00000020.00000001.01000000.00000005.sdmp |
String found in binary or memory: https://www.iobit.com/en/privacy.phpOpenU |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49743 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49742 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49672 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49740 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49743 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49746 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49739 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49738 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49736 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49737 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49736 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49759 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49735 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49753 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49734 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49698 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49671 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49742 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49749 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49752 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49735 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49739 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49756 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49758 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49760 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49748 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49760 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49751 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49759 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49758 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49757 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49738 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49755 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49756 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49698 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49755 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49757 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49734 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49754 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49753 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49752 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49677 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49751 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49750 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49740 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49744 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49750 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49749 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49748 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49754 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49737 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49746 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
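The network findings above list each direction of a connection as a separate entry, in no particular order, so the raw count overstates the number of sessions. Folding the entries by client ephemeral port gives the real session count and exposes sessions the sandbox saw in only one direction. The report labels these as HTTP, but on port 443 the bytes are TLS, so any content signal has to come from certificate or fingerprint signatures rather than from these lines. The following Python is an added example, not part of the report; the sample lines are constructed from the port pairs listed above and the ephemeral-port threshold is an assumption based on the default Windows dynamic range.

```python
import re

# Constructed sample: a few "Network traffic detected" findings in the same
# "Source: ... |" / "finding |" layout as the report (ports taken from the listing).
SAMPLE = """\
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49672 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
"""

FLOW_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
# Assumption: start of the IANA dynamic range, which Windows uses for client ports.
EPHEMERAL_MIN = 49152


def parse_flows(text):
    """Extract (src_port, dst_port) tuples; one per finding, in listing order."""
    return [(int(a), int(b)) for a, b in FLOW_RE.findall(text)]


def sessions(flows):
    """Fold the per-direction findings into one record per client port.

    The port >= EPHEMERAL_MIN is taken as the client side, the other as the server.
    Each record notes which directions were reported, so half-observed sessions
    (outbound only, or inbound only) stand out.
    """
    out = {}
    for src, dst in flows:
        if src >= EPHEMERAL_MIN > dst:
            client, server, direction = src, dst, "out"
        elif dst >= EPHEMERAL_MIN > src:
            client, server, direction = dst, src, "in"
        else:
            continue  # both or neither side ephemeral: not a client/server pair we can fold
        rec = out.setdefault(client, {"server": server, "out": False, "in": False})
        rec[direction] = True
    return out


def half_observed(sess):
    """Client ports where only one direction was reported."""
    return sorted(p for p, r in sess.items() if r["out"] != r["in"])


def servers(sess):
    """Distinct server ports touched, with the number of client sockets each saw."""
    counts = {}
    for r in sess.values():
        counts[r["server"]] = counts.get(r["server"], 0) + 1
    return counts
```

Run over the full listing, the session map is what you compare against the Suricata alerts and the PCAP: a client port that appears here but in no TLS alert is a connection whose certificate no signature covered, and is the first one to pull from the capture.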
Source: 23.2.cmd.exe.34407f8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 14.2.cmd.exe.5152b57.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 23.2.cmd.exe.53fcb57.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 14.2.cmd.exe.59800c8.8.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 14.2.cmd.exe.510da8a.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 9.2.SendBugReportNew.exe.2ec65ce.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 36.2.MSBuild.exe.150000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 23.2.cmd.exe.53fd757.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 32.2.cmd.exe.52e1a8a.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 23.2.cmd.exe.53b7a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 32.2.cmd.exe.31c00c8.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 32.2.cmd.exe.5327757.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 9.2.SendBugReportNew.exe.2ec59ce.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 32.2.cmd.exe.5326b57.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.5153757.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 9.2.SendBugReportNew.exe.2e80901.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000020.00000002.1996059413.00000000031C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0000000E.00000002.1687453554.0000000005980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000024.00000002.1997258638.0000000000152000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\AppData\Local\Temp\tqco, type: DROPPED |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\AppData\Local\Temp\cfi, type: DROPPED |
Matched rule: Detects AsyncRAT Author: ditekSHen |
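The YARA hits above name their sources in three forms: unpacked PE regions such as 14.2.cmd.exe.59800c8.8.raw.unpack, raw memory dumps such as 0000000E.00000002....0000000005980000....sdmp, and dropped files. The unpacked-PE form carries the process index in decimal and the memory-dump form carries it in hex, so 0000000E and 14.2.cmd.exe refer to the same process, and the dump base 0x5980000 is the region that 0x59800c8 sits in. Normalising both forms lets you answer the question that matters here: which processes actually hosted the AsyncRAT payload. The Python below is an added example, not part of the report; the field layout it assumes for the two identifier forms is inferred from the identifiers on this page, and the sample lines are constructed from the hits listed above.

```python
import re

# Constructed sample in the report's "Source: ... |" / "Matched rule: ... |" layout,
# using identifiers copied from the YARA section.
SAMPLE = r"""
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 36.2.MSBuild.exe.150000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 9.2.SendBugReportNew.exe.2ec65ce.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000020.00000002.1996059413.00000000031C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0000000E.00000002.1687453554.0000000005980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000024.00000002.1997258638.0000000000152000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\AppData\Local\Temp\tqco, type: DROPPED |
Matched rule: Detects AsyncRAT Author: ditekSHen |
"""

# Assumed identifier layout (inferred from the report, not documented on this page):
#   "<proc>.<stage>.<image>.<hexaddr>.<n>[.raw].unpack"   -> proc index in decimal
#   "<PROC8>.<STAGE8>.<ts>.<ADDR16>. ... .sdmp"             -> proc index in hex
UNPACK_RE = re.compile(r"^(\d+)\.(\d+)\.(.+?)\.([0-9a-fA-F]+)\.(\d+)\.(?:raw\.)?unpack$")
SDMP_RE = re.compile(r"^([0-9A-F]{8})\.([0-9A-F]{8})\.\d+\.([0-9A-F]{16})\.")


def parse_source(src):
    """Normalize a Source field to (kind, proc_index, image_name, base_address)."""
    ident, _, kind = src.rpartition(", type: ")
    m = UNPACK_RE.match(ident)
    if m:
        return kind, int(m.group(1)), m.group(3), int(m.group(4), 16)
    m = SDMP_RE.match(ident)
    if m:
        return kind, int(m.group(1), 16), None, int(m.group(3), 16)
    return kind, None, None, None  # dropped files and anything else


def parse_matches(text):
    """Yield (source, rule_description) from consecutive Source / Matched rule lines."""
    lines = [ln.rstrip(" |") for ln in text.splitlines() if ln.strip()]
    for src_line, rule_line in zip(lines[::2], lines[1::2]):
        if not (src_line.startswith("Source: ") and rule_line.startswith("Matched rule: ")):
            raise ValueError(f"unexpected line pair: {src_line!r} / {rule_line!r}")
        rule = rule_line[len("Matched rule: "):].split(" Author:")[0]
        yield src_line[len("Source: "):], rule


def correlate(text):
    """Map each rule to the processes it hit, labelled "<index>:<image>".

    Image names are only present in unpacked-PE sources; memory dumps are named
    by converting their hex index and looking it up, so 0000000E and 14.2.cmd.exe
    collapse onto one process. Sources with no index (dropped files) keep their path.
    """
    names, hits = {}, []
    for src, rule in parse_matches(text):
        kind, idx, name, base = parse_source(src)
        if name:
            names[idx] = name
        hits.append((rule, idx, src))
    result = {}
    for rule, idx, src in hits:
        label = f"{idx}:{names.get(idx, '?')}" if idx is not None else src
        result.setdefault(rule, set()).add(label)
    return {rule: sorted(labels) for rule, labels in result.items()}
```

On the sample this reduces seven AsyncRAT hits to three processes (two cmd.exe instances and MSBuild.exe) plus one dropped file, which is the list to take to the process tree and the injection findings.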
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D830C7 RtlAllocateHeap,RtlAllocateHeap,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor, |
17_3_000001F665D830C7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AC10C NtAcceptConnectPort, |
17_3_00007DF4218AC10C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AD2F4 NtAcceptConnectPort,NtAcceptConnectPort, |
17_3_00007DF4218AD2F4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AC47C NtAcceptConnectPort, |
17_3_00007DF4218AC47C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AB498 NtAcceptConnectPort,_calloc_dbg,DuplicateHandle,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort, |
17_3_00007DF4218AB498 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AD3C0 NtAcceptConnectPort,NtAcceptConnectPort, |
17_3_00007DF4218AD3C0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AC70C NtAcceptConnectPort, |
17_3_00007DF4218AC70C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AC7CC NtAcceptConnectPort, |
17_3_00007DF4218AC7CC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AAD14 NtAcceptConnectPort, |
17_3_00007DF4218AAD14 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AACC8 NtAcceptConnectPort, |
17_3_00007DF4218AACC8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218ABCC0 RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,??3@YAXPEAX@Z, |
17_3_00007DF4218ABCC0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AACE8 NtAcceptConnectPort, |
17_3_00007DF4218AACE8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AAC0C NtAcceptConnectPort, |
17_3_00007DF4218AAC0C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AAF40 NtAcceptConnectPort, |
17_3_00007DF4218AAF40 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AAF60 NtAcceptConnectPort, |
17_3_00007DF4218AAF60 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218ABE6C NtAcceptConnectPort, |
17_3_00007DF4218ABE6C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AAE5C NtAcceptConnectPort, |
17_3_00007DF4218AAE5C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AADD4 NtAcceptConnectPort, |
17_3_00007DF4218AADD4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_2_000001F664381A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler, |
17_2_000001F664381A90 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_2_000001F664380AC8 NtAcceptConnectPort,NtAcceptConnectPort, |
17_2_000001F664380AC8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_2_000001F664381CD0 RtlAllocateHeap,NtAcceptConnectPort,FindCloseChangeNotification, |
17_2_000001F664381CD0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_2_000001F6643815AC NtAcceptConnectPort, |
17_2_000001F6643815AC |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB71CE8 _calloc_dbg,CreateProcessW,NtResumeThread,FindCloseChangeNotification,??3@YAXPEAX@Z, |
26_3_00007DF4ADB71CE8 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB71958 _calloc_dbg,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, |
26_3_00007DF4ADB71958 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076702418 NtAcceptConnectPort, |
26_2_0000023076702418 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_000002307670288C NtAcceptConnectPort, |
26_2_000002307670288C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230767028E8 NtAcceptConnectPort, |
26_2_00000230767028E8 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230767028B8 NtAcceptConnectPort, |
26_2_00000230767028B8 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076702990 NtAcceptConnectPort, |
26_2_0000023076702990 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230767029D4 NtAcceptConnectPort, |
26_2_00000230767029D4 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230767027B8 NtAcceptConnectPort, |
26_2_00000230767027B8 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076702C64 NtAcceptConnectPort, |
26_2_0000023076702C64 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_000002307670252C NtAcceptConnectPort, |
26_2_000002307670252C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00007DF4ADB71E64 CreateProcessW,NtResumeThread,FindCloseChangeNotification, |
26_2_00007DF4ADB71E64 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00007DF4ADB7199C NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory, |
26_2_00007DF4ADB7199C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00007DF4ADB82704 NtQuerySystemInformation,??3@YAXPEAX@Z,_malloc_dbg,NtQuerySystemInformation, |
26_2_00007DF4ADB82704 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 27_2_00000213BBF5385C NtQuerySystemInformation, |
27_2_00000213BBF5385C |
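The resolved-call lists above are where the injection behaviour is visible. In the wmplayer.exe address space, function 26_3_00007DF4ADB71958 chains NtAllocateVirtualMemory, NtWriteVirtualMemory, NtQueryInformationProcess, NtReadVirtualMemory and NtProtectVirtualMemory, and function 26_3_00007DF4ADB71CE8 pairs CreateProcessW with NtResumeThread, which is consistent with a process started suspended and written into before it runs. By contrast, the many OpenWith.exe and wmplayer.exe functions whose only resolved call is NtAcceptConnectPort carry little signal on their own and should be confirmed in the disassembly before anything is concluded from them. The Python below is an added example, not part of the report: it scans lines in this layout for API combinations inside a single function and rolls hits up to the hosting image. The pattern names and the choice of which APIs constitute each pattern are this example's own, and the sample lines are constructed from the entries above.

```python
import re

# Constructed sample in the report's layout, with function entries copied from the
# "Code function" findings above.
SAMPLE = r"""
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB71958 _calloc_dbg,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, |
26_3_00007DF4ADB71958 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB71CE8 _calloc_dbg,CreateProcessW,NtResumeThread,FindCloseChangeNotification,??3@YAXPEAX@Z, |
26_3_00007DF4ADB71CE8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218AC10C NtAcceptConnectPort, |
17_3_00007DF4218AC10C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_2_000001F664381A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler, |
17_2_000001F664381A90 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 27_2_00000213BBF5385C NtQuerySystemInformation, |
27_2_00000213BBF5385C |
"""

FUNC_RE = re.compile(r"^Code function: (\d+_\d+_[0-9A-Fa-f]+) (.*)$")

# API combinations that, inside one function, are worth a closer look.
# Pattern names are this example's own; every API listed must appear for a hit.
PATTERNS = {
    "alloc+write+protect remote memory": {"NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory"},
    "create process then resume thread": {"CreateProcessW", "NtResumeThread"},
    "query process then read memory": {"NtQueryInformationProcess", "NtReadVirtualMemory"},
}
# Functions whose only distinct call is one of these are treated as noise here.
LOW_SIGNAL = {"NtAcceptConnectPort"}


def parse_functions(text):
    """Yield (image_basename, function_id, [api, ...]) from Source / Code function lines."""
    source = None
    for raw in text.splitlines():
        line = raw.rstrip(" |")
        if line.startswith("Source: "):
            source = line[len("Source: "):].rsplit("\\", 1)[-1]
            continue
        m = FUNC_RE.match(line)
        if m:
            calls = [c for c in m.group(2).split(",") if c]
            yield source, m.group(1), calls


def triage(text):
    """Functions hitting at least one pattern -> [(function_id, [pattern names])]."""
    found = []
    for _, fid, calls in parse_functions(text):
        apis = set(calls)
        hit = sorted(name for name, need in PATTERNS.items() if need <= apis)
        if hit:
            found.append((fid, hit))
    return found


def weak_signal(text):
    """Function ids whose only distinct resolved call is in LOW_SIGNAL."""
    return [fid for _, fid, calls in parse_functions(text) if set(calls) <= LOW_SIGNAL]


def by_process(text):
    """Roll pattern hits up to the hosting image so an injected host stands out."""
    rollup = {}
    for image, fid, calls in parse_functions(text):
        for name, need in PATTERNS.items():
            if need <= set(calls):
                rollup.setdefault(image, set()).add(name)
    return {image: sorted(names) for image, names in rollup.items()}
```

The per-image rollup is the useful view: a media player binary whose memory contains all three patterns is hosting someone else's code, and that is the process whose dumps the YARA section should be read against.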
Source: C:\Users\user\Desktop\file.exe |
Code function: 7_2_00404FAA |
7_2_00404FAA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 7_2_0041206B |
7_2_0041206B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 7_2_0041022D |
7_2_0041022D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 7_2_00411F91 |
7_2_00411F91 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_2_00C90BC1 |
10_2_00C90BC1 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D824F7 |
17_3_000001F665D824F7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D85E7C |
17_3_000001F665D85E7C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D8557C |
17_3_000001F665D8557C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D858FC |
17_3_000001F665D858FC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D81BA6 |
17_3_000001F665D81BA6 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D8279C |
17_3_000001F665D8279C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D84A38 |
17_3_000001F665D84A38 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_000001F665D82C3C |
17_3_000001F665D82C3C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218DB104 |
17_3_00007DF4218DB104 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421882634 |
17_3_00007DF421882634 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42194A168 |
17_3_00007DF42194A168 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218F20BC |
17_3_00007DF4218F20BC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218CF02C |
17_3_00007DF4218CF02C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421881058 |
17_3_00007DF421881058 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42196AF80 |
17_3_00007DF42196AF80 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218FCFB4 |
17_3_00007DF4218FCFB4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42197BFCC |
17_3_00007DF42197BFCC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42196B318 |
17_3_00007DF42196B318 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4219772C8 |
17_3_00007DF4219772C8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42191E24C |
17_3_00007DF42191E24C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218D2524 |
17_3_00007DF4218D2524 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42196A4A0 |
17_3_00007DF42196A4A0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421968474 |
17_3_00007DF421968474 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218E93F4 |
17_3_00007DF4218E93F4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218C43F8 |
17_3_00007DF4218C43F8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218DA430 |
17_3_00007DF4218DA430 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42195A3D4 |
17_3_00007DF42195A3D4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218CF3B8 |
17_3_00007DF4218CF3B8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218E96E0 |
17_3_00007DF4218E96E0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42188F624 |
17_3_00007DF42188F624 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218DD594 |
17_3_00007DF4218DD594 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218E95D0 |
17_3_00007DF4218E95D0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218D75E4 |
17_3_00007DF4218D75E4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218A996C |
17_3_00007DF4218A996C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42189F95C |
17_3_00007DF42189F95C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42196A8BC |
17_3_00007DF42196A8BC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218DB7B8 |
17_3_00007DF4218DB7B8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42189FB24 |
17_3_00007DF42189FB24 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42196FB04 |
17_3_00007DF42196FB04 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42197CB04 |
17_3_00007DF42197CB04 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218E9B38 |
17_3_00007DF4218E9B38 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218D9B70 |
17_3_00007DF4218D9B70 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218CFA94 |
17_3_00007DF4218CFA94 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218F9AE0 |
17_3_00007DF4218F9AE0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218DCA38 |
17_3_00007DF4218DCA38 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4219669A8 |
17_3_00007DF4219669A8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42189D9F0 |
17_3_00007DF42189D9F0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421885C24 |
17_3_00007DF421885C24 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421926C60 |
17_3_00007DF421926C60 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218EDC54 |
17_3_00007DF4218EDC54 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42195EBE4 |
17_3_00007DF42195EBE4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218B0F04 |
17_3_00007DF4218B0F04 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218B9F4C |
17_3_00007DF4218B9F4C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421969F68 |
17_3_00007DF421969F68 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF42196AE00 |
17_3_00007DF42196AE00 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421891E54 |
17_3_00007DF421891E54 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421976DAC |
17_3_00007DF421976DAC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF421963D84 |
17_3_00007DF421963D84 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_3_00007DF4218CFDE0 |
17_3_00007DF4218CFDE0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 17_2_000001F664380C5C |
17_2_000001F664380C5C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D47068 |
25_2_00D47068 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D4B550 |
25_2_00D4B550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D46798 |
25_2_00D46798 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D46450 |
25_2_00D46450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D40C10 |
25_2_00D40C10 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB74EFC |
26_3_00007DF4ADB74EFC |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB7392C |
26_3_00007DF4ADB7392C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_3_00007DF4ADB72204 |
26_3_00007DF4ADB72204 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230766FC25C |
26_2_00000230766FC25C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076702D24 |
26_2_0000023076702D24 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230766F2628 |
26_2_00000230766F2628 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076707270 |
26_2_0000023076707270 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076730270 |
26_2_0000023076730270 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076724A50 |
26_2_0000023076724A50 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076733A4D |
26_2_0000023076733A4D |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076723A38 |
26_2_0000023076723A38 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076705ADC |
26_2_0000023076705ADC |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_000002307670E398 |
26_2_000002307670E398 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_000002307672CC00 |
26_2_000002307672CC00 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076717094 |
26_2_0000023076717094 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076730874 |
26_2_0000023076730874 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_000002307671D854 |
26_2_000002307671D854 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_0000023076725918 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 26_2_00000230767248D0, 26_2_000002307672E984, 26_2_0000023076710174, 26_2_000002307672F940, 26_2_000002307672F1D0, 26_2_0000023076713EA4, 26_2_0000023076717684, 26_2_0000023076706F24, 26_2_0000023076725EC8, 26_2_00000230767186B4, 26_2_000002307670BEB8, 26_2_0000023076723F70, 26_2_000002307670C750, 26_2_000002307670D010, 26_2_000002307672A81C, 26_2_0000023076720478, 26_2_0000023076736434, 26_2_0000023076716D18, 26_2_000002307670DCE4, 26_2_000002307672ECE4, 26_2_00000230766F14D0, 26_2_0000023076730D90, 26_2_000002307670F618, 26_2_0000023076724DE8, 26_2_00000230767295D4, 26_2_00000230767255B0, 26_2_00007DF4ADB722CC |
Source: C:\Windows\System32\dllhost.exe |
Code function: 27_2_00000213BBF5737C, 27_2_00000213BBF73B40, 27_2_00000213BBF7C2EC, 27_2_00000213BBF692D4, 27_2_00000213BBF72AA0, 27_2_00000213BBF72254, 27_2_00000213BBF73210, 27_2_00000213BBF69998, 27_2_00000213BBF68980, 27_2_00000213BBF74144, 27_2_00000213BBF6A860, 27_2_00000213BBF69818, 27_2_00000213BBF5BFE4, 27_2_00000213BBF627A4, 27_2_00000213BBF6F76C, 27_2_00000213BBF6AF55, 27_2_00000213BBF68EB8, 27_2_00000213BBF7C668, 27_2_00000213BBF74660, 27_2_00000213BBF5D604, 27_2_00000213BBF6AE10, 27_2_00000213BBF58DF4, 27_2_00000213BBF5C5D4, 27_2_00000213BBF725B4, 27_2_00000213BBF69D30, 27_2_00000213BBF7B516, 27_2_00000213BBF6E51C, 27_2_00000213BBF6A4F8, 27_2_00000213BBF7C500, 27_2_00000213BBF5BC68, 27_2_00000213BBF653C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 36_2_00A20C0C |
Source: 23.2.cmd.exe.34407f8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 14.2.cmd.exe.5152b57.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 23.2.cmd.exe.53fcb57.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 14.2.cmd.exe.59800c8.8.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 14.2.cmd.exe.510da8a.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 9.2.SendBugReportNew.exe.2ec65ce.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 36.2.MSBuild.exe.150000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 23.2.cmd.exe.53fd757.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 32.2.cmd.exe.52e1a8a.6.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 23.2.cmd.exe.53b7a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 32.2.cmd.exe.31c00c8.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 32.2.cmd.exe.5327757.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 9.2.SendBugReportNew.exe.2ec59ce.6.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 32.2.cmd.exe.5326b57.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.5153757.6.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 9.2.SendBugReportNew.exe.2e80901.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 00000020.00000002.1996059413.00000000031C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0000000E.00000002.1687453554.0000000005980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000024.00000002.1997258638.0000000000152000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: C:\Users\user\AppData\Local\Temp\tqco, type: DROPPED |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: C:\Users\user\AppData\Local\Temp\cfi, type: DROPPED |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: unknown |
Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe" |
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe "C:\Users\user~1\AppData\Local\Temp\SendBugReportNew.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Process created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe" |
Source: unknown |
Process created: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe "C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Source: C:\Windows\System32\OpenWith.exe |
Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe" |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" |
Source: unknown |
Process created: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe "C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe "C:\Users\user~1\AppData\Local\Temp\SendBugReportNew.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Process created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe" |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe" |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Source: C:\Windows\System32\OpenWith.exe |
Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: oledlg.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: pla.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: linkinfo.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: ntshrui.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cscapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: bitsproxy.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netapi32.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cscapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: oledlg.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: pla.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: msftedit.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: comsvcs.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cmlua.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cmutil.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: version.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\dllhost.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Windows\System32\dllhost.exe |
Section loaded: mswsock.dll |
|
Source: C:\Windows\System32\dllhost.exe |
Section loaded: dhcpcsvc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: msimg32.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wsock32.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: mpr.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wsock32.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: oleacc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: oledlg.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: mpr.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: dbghelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: pla.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: pdh.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: tdh.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: cabinet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: wevtapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: shdocvw.dll |
|
Source: C:\Users\user\AppData\Local\Temp\SendBugReportNew.exe |
Section loaded: winhttp.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: sspicli.dll |
Source: cfi.14.dr, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: cfi.14.dr, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: tqco.32.dr, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: tqco.32.dr, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: cfi.14.dr, Messages.cs |
.Net Code: Plugin System.AppDomain.Load(byte[]) |
Source: cfi.14.dr, Messages.cs |
.Net Code: Memory System.AppDomain.Load(byte[]) |
Source: cfi.14.dr, Messages.cs |
.Net Code: Memory |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, Messages.cs |
.Net Code: Plugin System.AppDomain.Load(byte[]) |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, Messages.cs |
.Net Code: Memory System.AppDomain.Load(byte[]) |
Source: 14.2.cmd.exe.59800c8.8.raw.unpack, Messages.cs |
.Net Code: Memory |
Source: 17.3.OpenWith.exe.1f6665ad970.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.3.OpenWith.exe.1f6665ad970.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.3.OpenWith.exe.1f6665ad970.4.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.3.OpenWith.exe.1f6665ad970.4.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.3.OpenWith.exe.1f6665ad970.0.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.3.OpenWith.exe.1f6665ad970.0.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.2.OpenWith.exe.1f6665ad970.2.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.2.OpenWith.exe.1f6665ad970.2.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.3.OpenWith.exe.1f6665ad970.5.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.3.OpenWith.exe.1f6665ad970.5.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.2.OpenWith.exe.1f665dac830.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.2.OpenWith.exe.1f665dac830.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.3.OpenWith.exe.1f6665ad970.3.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.3.OpenWith.exe.1f6665ad970.3.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 17.3.OpenWith.exe.1f6665ad970.2.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 17.3.OpenWith.exe.1f6665ad970.2.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: tqco.32.dr, Messages.cs |
.Net Code: Plugin System.AppDomain.Load(byte[]) |
Source: tqco.32.dr, Messages.cs |
.Net Code: Memory System.AppDomain.Load(byte[]) |
Source: tqco.32.dr, Messages.cs |
.Net Code: Memory |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, Messages.cs |
.Net Code: Plugin System.AppDomain.Load(byte[]) |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, Messages.cs |
.Net Code: Memory System.AppDomain.Load(byte[]) |
Source: 32.2.cmd.exe.31c00c8.0.raw.unpack, Messages.cs |
.Net Code: Memory |
Source: C:\Users\user\Desktop\file.exe |
Code function: 7_2_00411C20 push eax; ret 7_2_00411C4E |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C96A80 push edx; ret 10_3_00C96A81 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C94C95 push es; retf 10_3_00C94C91 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C95E69 push ebx; iretd 10_3_00C95E6A |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C94C62 push es; retf 10_3_00C94C91 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C961E2 push eax; retf 10_3_00C961F1 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C947A2 push ebp; iretd 10_3_00C947A3 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C92F50 push eax; retf 10_3_00C92F51 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C94170 push ecx; iretd 10_3_00C9417C |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C96777 push esi; ret 10_3_00C96782 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_3_00C94130 pushad ; ret 10_3_00C94138 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_2_00C3C01A push ds; iretd 10_2_00C3C036 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_2_00C912F4 push ecx; ret 10_2_00C91307 |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_2_00C31436 push ds; retf 10_2_00C3143B |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Code function: 10_2_00C3E5F8 push ebx; ret 10_2_00C3E5F9 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02724262 push eax; retf 13_3_02724271 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02722822 push ebp; iretd 13_3_02722823 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02722CE2 push es; retf 13_3_02722D11 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02723EE9 push ebx; iretd 13_3_02723EEA |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02722D15 push es; retf 13_3_02722D11 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02724B00 push edx; ret 13_3_02724B01 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_027221F0 push ecx; iretd 13_3_027221FC |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_027247F7 push esi; ret 13_3_02724802 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_02720FD0 push eax; retf 13_3_02720FD1 |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Code function: 13_3_027221B0 pushad ; ret 13_3_027221B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D451C8 pushad ; ret 25_2_00D451C9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D45474 pushfd ; ret 25_2_00D45475 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D439E8 push ebx; retf 25_2_00D43ADA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 25_2_00D43A18 push ebx; retf 25_2_00D43ADA |
Source: C:\Windows\System32\dllhost.exe |
Code function: 27_2_00000213BBF50B44 push ss; ret 27_2_00000213BBF50B46 |
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\Javaoraclev4\YIUEROPTJR\V3.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\dllhost.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\dllhost.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\y572q81e.default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing\google4 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtab |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\thumbnails |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries |
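The entries above all share one shape: a single non-browser image, C:\Windows\System32\OpenWith.exe, opening dozens of subdirectories under the Chrome "User Data" and Firefox "Profiles" trees (Sessions, Network, Local Storage, Extension State, cache2, and so on). A legitimate OpenWith.exe has no reason to walk browser profile storage, so the pair (source image, opened path) is enough to flag the behaviour without knowing anything else about the sample. The script below is an added example, not part of the sandbox report or its tooling: it parses "Source:" / "File opened:" lines in the report's own format, drops the page residue, and reports any process that is not itself a browser but touches Chrome or Firefox profile stores. The sample input is constructed from a few of the entries above plus one benign chrome.exe entry and one non-browser path for contrast; the marker list and the browser process allow-list are assumptions you would tune for your own environment.

```python
"""Flag non-browser processes that enumerate browser profile directories.

Added example (not code from the sandbox report). Parses
"Source: <image> |" / "File opened: <path> |" pairs in the report's own
line format and returns, per non-browser source image, the set of
browser profile-store paths it opened.
"""
import re
from collections import defaultdict

# Path fragments (assumed, case-insensitive) that identify browser profile
# and credential storage on Windows.
BROWSER_STORE_MARKERS = (
    "\\google\\chrome\\user data",
    "\\mozilla\\firefox\\profiles",
)

# Images that are expected to open their own profile directories (assumed).
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample: entries copied from the report above plus one benign
# chrome.exe access and one non-browser path, so the filter has something
# to ignore.
SAMPLE_REPORT = r"""
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Temp |
Jump to behavior |
"""

# Matches the two line kinds we care about; the trailing " |" is optional
# so the parser also works on lines with the separator already stripped.
LINE_RE = re.compile(r"^(Source|File opened):\s*(.*?)\s*\|?\s*$")


def parse_events(text):
    """Return a list of (source_image, opened_path) pairs.

    A "Source:" line sets the current image; each following "File opened:"
    line is attributed to it. Anything else ("Jump to behavior" residue,
    blank lines) is skipped.
    """
    events = []
    source = None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "Source":
            source = value
        elif source is not None:
            events.append((source, value))
    return events


def is_browser_store(path):
    """True if the path lies under a known browser profile-store root."""
    normalised = path.lower().replace("/", "\\")
    return any(marker in normalised for marker in BROWSER_STORE_MARKERS)


def image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def find_browser_data_access(text):
    """Map each non-browser source image to the sorted browser-store paths
    it opened. Browser processes opening their own data are ignored."""
    hits = defaultdict(set)
    for source, path in parse_events(text):
        if image_name(source) in BROWSER_PROCESSES:
            continue
        if is_browser_store(path):
            hits[source].add(path)
    return {src: sorted(paths) for src, paths in hits.items()}


if __name__ == "__main__":
    for image, paths in find_browser_data_access(SAMPLE_REPORT).items():
        print(f"{image}: {len(paths)} browser profile path(s) opened")
        for p in paths:
            print("   ", p)
```

Counting distinct profile subdirectories per image, rather than alerting on the first match, is what separates harvesting from an incidental touch: a file dialog or shell extension might open one Chrome directory, but no benign non-browser process opens Sessions, Network, Local Storage, Extension State and the Firefox cache2 tree in one run. On live endpoint telemetry the same logic applies to file-open events keyed by process image, with the same browser allow-list.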