Source: Network traffic |
Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49704 -> 89.197.154.115:7700 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 89.197.154.115 |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:%u/ |
Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: Xwl3DsNmN2.exe, 00000000.00000003.2108588037.000000000052A000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000003.2097560571.0000000002EB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?72289480ac637 |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000003.2108588037.000000000052A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabT |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000003.2108588037.000000000052A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enS |
Source: Xwl3DsNmN2.exe |
String found in binary or memory: http://www.apache.org/ |
Source: Xwl3DsNmN2.exe |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: Xwl3DsNmN2.exe |
String found in binary or memory: http://www.zeustech.net/ |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.00000000004E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115/ |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000505000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/6CqFEOIEZ-_A_cH8pgiUAgokwto4FovQaLCp7IwjfjFOHLmm4PXOb0KwnKkTc0c4DgsIXI1B |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/My |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/hy |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/oft |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptj |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptj- |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptj0 |
Source: Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptj476756634-1003 |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptj7 |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptj9 |
Source: Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjJ |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjP |
Source: Xwl3DsNmN2.exe, 00000000.00000003.2258428012.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp, Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjW |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjft |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjh |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjm32 |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3326550483.0000000002EA8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjnnlsres.dll.muil |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjq |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/ptjs |
Source: Xwl3DsNmN2.exe, 00000000.00000002.3325770193.0000000000523000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://89.197.154.115:7700/tjc |
Source: Xwl3DsNmN2.exe, type: SAMPLE |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: 0.0.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Rule for beacon reflective loader Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Cobalt Strike loader Author: @VK_Intel |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: CobaltStrike payload Author: ditekSHen |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Rule for beacon reflective loader Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Cobalt Strike loader Author: @VK_Intel |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: CobaltStrike payload Author: ditekSHen |
Source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown |
Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown |
Source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Rule for beacon reflective loader Author: unknown |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Meterpreter Beacon - file K5om.dll Author: Florian Roth |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Cobalt Strike sample from Leviathan report Author: Florian Roth |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Cobalt Strike loader Author: @VK_Intel |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: CobaltStrike payload Author: ditekSHen |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Rule for beacon reflective loader Author: unknown |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Trojan_Raw_Generic_4 Author: unknown |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: Detects unmodified CobaltStrike beacon DLL Author: yara@s3c.za.net |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip Author: Florian Roth |
Source: Xwl3DsNmN2.exe, type: SAMPLE |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: 0.0.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: 0.2.Xwl3DsNmN2.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753 |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload |
Source: 00000000.00000002.3325548923.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: 00000000.00000000.2076699186.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326164826.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13 |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Beacon_K5om date = 2017-06-07, hash1 = e3494fd2cc7e9e02cff76841630892e4baed34a3e1ef2b9ae4e2608f9a4d7be9, author = Florian Roth, description = Detects Meterpreter Beacon - file K5om.dll, reference = https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Leviathan_CobaltStrike_Sample_1 date = 2017-10-18, hash1 = 5860ddc428ffa900258207e9c385f843a3472f2fbf252d2f6357d458646cf362, author = Florian Roth, description = Detects Cobalt Strike sample from Leviathan report, reference = https://goo.gl/MZ7dRg, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: crime_win32_csbeacon_1 date = 2020-03-16, author = @VK_Intel, description = Detects Cobalt Strike loader, reference = https://twitter.com/VK_Intel/status/1239632822358474753 |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_CobaltStrike author = ditekSHen, description = CobaltStrike payload |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13 |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23 |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.3326986916.00000000032D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23 |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: WiltedTulip_ReflectiveLoader date = 2017-07-23, hash5 = eee430003e7d59a431d1a60d45e823d4afb0d69262cc5e0c79f345aa37333a89, hash4 = cf7c754ceece984e6fa0d799677f50d93133db609772c7a2226e7746e6d046f0, hash3 = a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f, hash2 = 1f52d643e8e633026db73db55eb1848580de00a203ee46263418f02c6bdb8c7a, hash1 = 1097bf8f5b832b54c81c1708327a54a88ca09f7bdab4571f1a335cc26bbd7904, author = Florian Roth, description = Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip, reference = http://www.clearskysec.com/tulip, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: cryptnet.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: cabinet.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: ncryptsslp.dll |
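The listing above is a sandbox YARA overview followed by a module-load log, and the useful signal is not any single rule but agreement: several independent rule sets (Elastic, Florian Roth, ditekSHen, @VK_Intel, yara@s3c.za.net) all hit the same private region at 0x2F70000, and the process then pulls in wininet, winhttp, schannel and ncryptsslp, which is the HTTP-over-TLS stack a Beacon needs. The Python below is an added triage helper, not part of the report and not Joe Sandbox code. It parses the "Source: ... | Matched rule: ... |" and "Section loaded:" entries, groups rule hits by the region base encoded in the .sdmp name, lists regions that at least two rules agree on, and pulls out loaded DLLs from a network/TLS watchlist. Assumptions: the fourth dot-separated field of an .sdmp name is the region base in hex (consistent with the 2f70000 unpack names above), and the rule name is the first token of a full-form "Matched rule" entry; the embedded REPORT excerpt is constructed from a handful of the lines above, and NETWORK_DLLS is the editor's own watchlist.

```python
"""Triage a Joe Sandbox-style YARA overview: group rule hits by memory region.

Added example, not sandbox code.  Input is the report text as extracted,
one 'Source:' line followed by its 'Matched rule:' or 'Section loaded:' line.
"""
import re
from collections import defaultdict

# Constructed excerpt of the report above (five rule hits, two loaded DLLs).
REPORT = r"""
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: CobaltStrike_Unmodifed_Beacon date = 2019-08-16, author = yara@s3c.za.net, description = Detects unmodified CobaltStrike beacon DLL |
Source: 00000000.00000002.3326762963.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000002.3326762963.0000000002FA8000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit |
Source: Process Memory Space: Xwl3DsNmN2.exe PID: 4984, type: MEMORYSTR |
Matched rule: Trojan_Raw_Generic_4 date_created = 2020-12-02, rev = FireEye, date_modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Xwl3DsNmN2.exe |
Section loaded: schannel.dll |
Jump to behavior |
"""

# Editor's watchlist: modules that give a process HTTP(S)/socket capability.
NETWORK_DLLS = {"wininet.dll", "winhttp.dll", "wsock32.dll", "ws2_32.dll",
                "mswsock.dll", "schannel.dll", "ncryptsslp.dll", "dnsapi.dll"}

# 'key = value' pairs; a value may contain commas but never ', key = '.
META_RE = re.compile(r"(\w+) = (.*?)(?=, \w+ = |$)")


def parse_meta(text: str) -> dict:
    return {k: v for k, v in META_RE.findall(text)}


def region_of(source: str):
    """Base address encoded in an .sdmp name (assumed to be the 4th field), else None."""
    name = source.split(", type:")[0].strip()
    if not name.endswith(".sdmp"):
        return None
    return int(name.split(".")[3], 16)


def parse_report(text: str):
    """Return (rule hits, loaded DLLs); a hit is {source, rule, meta}."""
    hits, loaded, source = [], [], None
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if not line or line == "Jump to behavior":      # link residue, carries nothing
            continue
        if line.startswith("Source:"):
            source = line[len("Source:"):].strip()
        elif line.startswith("Matched rule:"):
            name, _, rest = line[len("Matched rule:"):].strip().partition(" ")
            hits.append({"source": source, "rule": name, "meta": parse_meta(rest)})
        elif line.startswith("Section loaded:"):
            loaded.append(line[len("Section loaded:"):].strip())
    return hits, loaded


def summarize(text: str) -> dict:
    """Group hits by region (or by source when no region is encoded) and flag agreement."""
    hits, loaded = parse_report(text)
    by_region = defaultdict(set)
    for h in hits:
        key = region_of(h["source"])
        by_region[key if key is not None else h["source"]].add(h["rule"])
    corroborated = {k: sorted(v) for k, v in by_region.items() if len(v) >= 2}
    return {
        "hits": len(hits),
        "by_region": {k: sorted(v) for k, v in by_region.items()},
        "corroborated": corroborated,
        "network_dlls": [d for d in loaded if d.lower() in NETWORK_DLLS],
    }


if __name__ == "__main__":
    s = summarize(REPORT)
    for region, rules in s["corroborated"].items():
        label = f"0x{region:X}" if isinstance(region, int) else region
        print(f"{label}: {len(rules)} independent rules -> {', '.join(rules)}")
    print("network-capable modules loaded:", ", ".join(s["network_dlls"]))
```

Run against the full report rather than the excerpt and the 0x2F70000 region comes out on top, which is the region to carve (the 0.2.Xwl3DsNmN2.exe.2f70000.1.unpack artefact) for configuration extraction; the Metasploit-only hits at 0x2FA8000 are the resolver stub inside the same allocation, not a second payload.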