Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000004.00000002.1423595922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000004.00000002.1423595922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.1423595922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000019.00000001.1855089629.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000019.00000001.1855089629.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000019.00000001.1855089629.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000001.1338787516.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000004.00000001.1338787516.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000001.1338787516.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000019.00000002.1917172495.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000019.00000002.1917172495.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000019.00000002.1917172495.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000011.00000002.1749146703.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000011.00000002.1749146703.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000002.1749146703.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000015.00000001.1739321784.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000015.00000001.1739321784.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000015.00000001.1739321784.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000015.00000002.1809054876.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000015.00000002.1809054876.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000015.00000002.1809054876.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000019.00000001.1855089629.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000019.00000001.1855089629.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000019.00000001.1855089629.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000019.00000002.1917172495.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000019.00000002.1917172495.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000019.00000002.1917172495.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000001.1338787516.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000004.00000001.1338787516.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000001.1338787516.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000002.1423595922.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000004.00000002.1423595922.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.1423595922.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000008.00000001.1426610906.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000008.00000001.1426610906.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000008.00000001.1426610906.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000011.00000002.1749146703.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000011.00000002.1749146703.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000002.1749146703.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000008.00000001.1426610906.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000008.00000001.1426610906.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000008.00000001.1426610906.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000011.00000001.1677403153.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000011.00000001.1677403153.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000001.1677403153.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000015.00000001.1739321784.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000015.00000001.1739321784.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000015.00000001.1739321784.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000011.00000001.1677403153.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000011.00000001.1677403153.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000011.00000001.1677403153.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000015.00000002.1809054876.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000015.00000002.1809054876.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000015.00000002.1809054876.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Code function: 1_2_00405A10 LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleFileNameW,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,wcscat,CreateProcessW,Wow64GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,WriteProcessMemory,ResumeThread,Wow64SuspendThread,WriteProcessMemory,wcscpy,wcscat,MoveFileExW,CopyFileW,ResumeThread,Sleep,CreateToolhelp32Snapshot,Module32First,strstr,Wow64SuspendThread,Wow64SuspendThread,FindCloseChangeNotification,DeleteFileW,ResumeThread,Sleep,DeleteFileW,Wow64SuspendThread,Sleep,MoveFileExW,ResumeThread,wcscat,wcsstr,CreateFileW,TerminateProcess,strstr,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,Process32Next,strstr,strstr,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,wcslen,CreateFileW,wcscat,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc,CreateProcessA,Sleep,TerminateProcess, | 1_2_00405A10 |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Code function: 4_2_00B8AA46 NtQuerySystemInformation, | 4_2_00B8AA46 |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Code function: 4_2_00B8AA15 NtQuerySystemInformation, | 4_2_00B8AA15 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 5_2_00405A10 LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleFileNameW,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,wcscat,CreateProcessW,Wow64GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,WriteProcessMemory,ResumeThread,Wow64SuspendThread,WriteProcessMemory,wcscpy,wcscat,MoveFileExW,CopyFileW,ResumeThread,Sleep,CreateToolhelp32Snapshot,Module32First,strstr,Wow64SuspendThread,Wow64SuspendThread,FindCloseChangeNotification,DeleteFileW,ResumeThread,Sleep,DeleteFileW,Wow64SuspendThread,Sleep,MoveFileExW,ResumeThread,wcscat,wcsstr,CreateFileW,TerminateProcess,strstr,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,Process32Next,strstr,strstr,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,wcslen,CreateFileW,wcscat,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc,CreateProcessA,Sleep,TerminateProcess, | 5_2_00405A10 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 14_2_00405A10 LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleFileNameW,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,wcscat,CreateProcessW,Wow64GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,WriteProcessMemory,ResumeThread,Wow64SuspendThread,WriteProcessMemory,wcscpy,wcscat,MoveFileExW,CopyFileW,ResumeThread,Sleep,CreateToolhelp32Snapshot,Module32First,strstr,Wow64SuspendThread,Wow64SuspendThread,FindCloseChangeNotification,DeleteFileW,ResumeThread,Sleep,DeleteFileW,Wow64SuspendThread,Sleep,MoveFileExW,ResumeThread,wcscat,wcsstr,CreateFileW,TerminateProcess,strstr,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,Process32Next,strstr,strstr,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,wcslen,CreateFileW,wcscat,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc,CreateProcessA,Sleep,TerminateProcess, | 14_2_00405A10 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 17_2_00B3AA46 NtQuerySystemInformation, | 17_2_00B3AA46 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 17_2_00B3AA15 NtQuerySystemInformation, | 17_2_00B3AA15 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 18_2_00405A10 LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleFileNameW,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,wcscat,CreateProcessW,Wow64GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,WriteProcessMemory,ResumeThread,Wow64SuspendThread,WriteProcessMemory,wcscpy,wcscat,MoveFileExW,CopyFileW,ResumeThread,Sleep,CreateToolhelp32Snapshot,Module32First,strstr,Wow64SuspendThread,Wow64SuspendThread,FindCloseChangeNotification,DeleteFileW,ResumeThread,Sleep,DeleteFileW,Wow64SuspendThread,Sleep,MoveFileExW,ResumeThread,wcscat,wcsstr,CreateFileW,TerminateProcess,strstr,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,Process32Next,strstr,strstr,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,wcslen,CreateFileW,wcscat,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc,CreateProcessA,Sleep,TerminateProcess, | 18_2_00405A10 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 21_2_00D7AA46 NtQuerySystemInformation, | 21_2_00D7AA46 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 21_2_00D7AA15 NtQuerySystemInformation, | 21_2_00D7AA15 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 22_2_00405A10 LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleFileNameW,wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,wcscat,CreateProcessW,Wow64GetThreadContext,NtReadVirtualMemory,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,WriteProcessMemory,ResumeThread,Wow64SuspendThread,WriteProcessMemory,wcscpy,wcscat,MoveFileExW,CopyFileW,ResumeThread,Sleep,CreateToolhelp32Snapshot,Module32First,strstr,Wow64SuspendThread,Wow64SuspendThread,FindCloseChangeNotification,DeleteFileW,ResumeThread,Sleep,DeleteFileW,Wow64SuspendThread,Sleep,MoveFileExW,ResumeThread,wcscat,wcsstr,CreateFileW,TerminateProcess,strstr,CreateFileW,CreateFileW,CreateFileW,CreateFileW,FindCloseChangeNotification,CreateToolhelp32Snapshot,Process32First,Process32Next,strstr,strstr,FindCloseChangeNotification,CreateFileA,CreateFileA,CreateFileW,wcslen,CreateFileW,wcscat,CreateFileW,VirtualAlloc,ReadFile,FindCloseChangeNotification,VirtualAlloc,CreateProcessA,Sleep,TerminateProcess, | 22_2_00405A10 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 25_2_00E8AA46 NtQuerySystemInformation, | 25_2_00E8AA46 |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Code function: 25_2_00E8AA15 NtQuerySystemInformation, | 25_2_00E8AA15 |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: mfc42.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mfc42.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: avicap32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: msvfw32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mfc42.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mfc42.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: ntmarta.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mfc42.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: ntmarta.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Section loaded: cryptbase.dll | |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 18.2.WindowsServices.exe.25c0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 4.2.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 18.2.WindowsServices.exe.25c0000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 8.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 17.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 17.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 22.2.WindowsServices.exe.2150000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 18.2.WindowsServices.exe.2590000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 25.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.WindowsServices.exe.4f0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 21.2.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 4.1.iR2UtZj5vP.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 25.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 1.2.iR2UtZj5vP.exe.2160000.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 22.2.WindowsServices.exe.2150000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 21.1.WindowsServices.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.WindowsServices.exe.4f0000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 14.2.WindowsServices.exe.2030000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 14.2.WindowsServices.exe.2030000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 1.2.iR2UtZj5vP.exe.2130000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000004.00000002.1423595922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000004.00000002.1423595922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.1423595922.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000019.00000001.1855089629.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000019.00000001.1855089629.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000019.00000001.1855089629.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000004.00000001.1338787516.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000004.00000001.1338787516.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000001.1338787516.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000012.00000002.1747188257.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000019.00000002.1917172495.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000019.00000002.1917172495.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000019.00000002.1917172495.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000011.00000002.1749146703.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000011.00000002.1749146703.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000002.1749146703.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000015.00000001.1739321784.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000015.00000001.1739321784.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000015.00000001.1739321784.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000001.00000002.1341895171.0000000002160000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000005.00000002.1429390738.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000015.00000002.1809054876.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000015.00000002.1809054876.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000015.00000002.1809054876.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000019.00000001.1855089629.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000019.00000001.1855089629.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000019.00000001.1855089629.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000019.00000002.1917172495.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000019.00000002.1917172495.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000019.00000002.1917172495.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000004.00000001.1338787516.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000004.00000001.1338787516.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000001.1338787516.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000004.00000002.1423595922.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000004.00000002.1423595922.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.1423595922.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000008.00000001.1426610906.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000008.00000001.1426610906.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000008.00000001.1426610906.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000016.00000002.1875231931.0000000002150000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000011.00000002.1749146703.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000011.00000002.1749146703.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000002.1749146703.000000000040E000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000008.00000001.1426610906.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000008.00000001.1426610906.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000008.00000001.1426610906.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000011.00000001.1677403153.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000011.00000001.1677403153.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000001.1677403153.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000015.00000001.1739321784.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000015.00000001.1739321784.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000015.00000001.1739321784.000000000040E000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000011.00000001.1677403153.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000011.00000001.1677403153.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000011.00000001.1677403153.0000000000402000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000015.00000002.1809054876.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000015.00000002.1809054876.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000015.00000002.1809054876.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 0000000E.00000002.1684106540.0000000002030000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Memory allocated: F30000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Memory allocated: 2B80000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Memory allocated: 4B80000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Memory allocated: 62C0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\Desktop\iR2UtZj5vP.exe | Memory allocated: 72C0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: CC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2D30000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 10D0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 6650000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 7650000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 78A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 88A0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 8B40000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 9B40000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: AB40000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: BB40000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: CB40000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 78A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 88A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 98A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 6650000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 9BE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: ABE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: D070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: E070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 10070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 11070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: B0E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 12070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 13070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 14070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 15070000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 16070000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 16AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 17AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 18AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 19AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1AAC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1BAC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1CAC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1DAC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: C6E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: D6E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: E6E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F6E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 106E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 116E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 126E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 136E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 146E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: D460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: E460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 10460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 11460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 12460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 13460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 14460000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1EAC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1FAC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 20AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 21AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 22AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 23AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 24AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 25AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 26AC0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 27AC0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 28F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: EFE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: FFE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 10FE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 11FE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 12FE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 13FE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 155A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 165A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 175A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 185A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 195A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1A5A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1B5A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1C5A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1D5A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1E5A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 1F5A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 205A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F4E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 104E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 114E0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 13120000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 14120000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 215A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 225A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 235A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 245A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 255A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 265A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 29F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2AF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2BF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2CF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F8A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 13120000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2DF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2EF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2FF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 30F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 31F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 32F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 33F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F8A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F8A0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 34F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 35F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 36F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 37F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 38F60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 14220000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2AF60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 14220000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: BE0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2B10000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 10D0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: DD0000 memory reserve | memory write watch | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2BB0000 memory reserve | memory write watch | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 4BB0000 memory commit | memory reserve | memory write watch | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F30000 memory reserve | memory write watch | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: 2C00000 memory reserve | memory write watch | |
Source: C:\Users\user\AppData\Local\Temp\WindowsServices.exe | Memory allocated: F30000 memory commit | memory reserve | memory write watch | |