Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack |
Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "cp8nl.hyperhost.ua", "Username": "royallog@fibraunollc.top", "Password": " 7213575aceACE@#$ "} |
Source: Yara match |
File source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: SAMPLE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1972524893.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1992227700.00007FF77C48D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR |
Source: Yara match |
File source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: DROPPED |
Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cp8nl.hyperhost.ua |
Source: jsc.exe, 00000003.00000002.3233070835.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: jsc.exe, 00000003.00000002.3235153161.0000000006680000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: jsc.exe, 00000003.00000002.3233070835.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidX |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1991858132.00007FF77C43D000.00000004.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameX |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://account.dyn.com/ |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
String found in binary or memory: https://aka.ms/dotnet-warnings/ |
Source: jsc.exe, 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, jsc.exe, 00000003.00000002.3235153161.0000000006656000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: SAMPLE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen |
Source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.0.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen |
Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: DROPPED |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF Author: ditekSHen |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C340560 |
0_2_00007FF77C340560 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C328F50 |
0_2_00007FF77C328F50 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C33C160 |
0_2_00007FF77C33C160 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C33EB10 |
0_2_00007FF77C33EB10 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C338D40 |
0_2_00007FF77C338D40 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C343600 |
0_2_00007FF77C343600 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C32FDA0 |
0_2_00007FF77C32FDA0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C342700 |
0_2_00007FF77C342700 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C337F10 |
0_2_00007FF77C337F10 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C317EC0 |
0_2_00007FF77C317EC0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C343F70 |
0_2_00007FF77C343F70 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C323720 |
0_2_00007FF77C323720 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3357F0 |
0_2_00007FF77C3357F0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C32F7F4 |
0_2_00007FF77C32F7F4 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C341800 |
0_2_00007FF77C341800 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C333010 |
0_2_00007FF77C333010 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C334890 |
0_2_00007FF77C334890 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3388C0 |
0_2_00007FF77C3388C0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3340D0 |
0_2_00007FF77C3340D0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C332934 |
0_2_00007FF77C332934 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3269D0 |
0_2_00007FF77C3269D0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3369D0 |
0_2_00007FF77C3369D0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3489D0 |
0_2_00007FF77C3489D0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C322A60 |
0_2_00007FF77C322A60 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C342290 |
0_2_00007FF77C342290 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C32E2F0 |
0_2_00007FF77C32E2F0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C33F360 |
0_2_00007FF77C33F360 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C33DC30 |
0_2_00007FF77C33DC30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_01769BE2 |
3_2_01769BE2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_01764A98 |
3_2_01764A98 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_0176CDA8 |
3_2_0176CDA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_01763E80 |
3_2_01763E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_017641C8 |
3_2_017641C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_065256F0 |
3_2_065256F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_06523F60 |
3_2_06523F60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_0652DD10 |
3_2_0652DD10 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_0652BD18 |
3_2_0652BD18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_06522AF8 |
3_2_06522AF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_06528BA3 |
3_2_06528BA3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_06520040 |
3_2_06520040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_06523253 |
3_2_06523253 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Code function: 3_2_06525010 |
3_2_06525010 |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Binary or memory string: OriginalFilename vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1992373539.00007FF77C518000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamec25e7689-8eb9-43a0-830e-91b697d7907d.exe4 vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Binary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
Binary or memory string: OriginalFilenameFunc6DeclareLocal.dllD vs T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: SAMPLE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF |
Source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.0.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.7ff77c310000.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF |
Source: C:\Users\user\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe, type: DROPPED |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCMD author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, N43UVggPg.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, N43UVggPg.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, Ow96S4wT.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, MjzNdC.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, MjzNdC.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C322890 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLargePageMinimum,VirtualAlloc,GetCurrentProcess,VirtualAllocExNuma, |
0_2_00007FF77C322890 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor |
Source: unknown |
Process created: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe "C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe" |
|
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" |
|
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: icu.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: schannel.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: section name: .managed |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: section name: hydrated |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Static PE information: section name: _RDATA |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
Static PE information: section name: .managed |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
Static PE information: section name: hydrated |
Source: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.0.dr |
Static PE information: section name: _RDATA |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
File created: \t#u00dcb#u0130tak sage tekl#u0130f talep ve f#u0130yat tekl#u0130f#u0130 sxlx..exe |
|
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
File created: \t#u00dcb#u0130tak sage tekl#u0130f talep ve f#u0130yat tekl#u0130f#u0130 sxlx..exe |
|
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
File created: \t#u00dcb#u0130tak sage tekl#u0130f talep ve f#u0130yat tekl#u0130f#u0130 sxlx..exe |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Memory allocated: 286DCEF0000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Memory allocated: 1760000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Memory allocated: 3240000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Memory allocated: 30A0000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -17524406870024063s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -100000s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 3176 |
Thread sleep count: 5216 > 30 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99875s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99766s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99641s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 3176 |
Thread sleep count: 865 > 30 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99530s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99422s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99313s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99188s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -99063s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98938s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98828s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98719s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98594s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98484s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98374s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98262s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98141s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -98031s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97922s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97812s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97703s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97594s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97484s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97370s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97250s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97141s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -97016s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -96891s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -96781s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -96672s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe TID: 6408 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 100000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99875 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99641 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99530 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99422 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 99063 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98828 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98719 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98594 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98484 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98374 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98262 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98141 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 98031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97922 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97594 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97484 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97370 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97141 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 97016 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 96891 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 96781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 96672 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C3155C0 RtlAddVectoredExceptionHandler, |
0_2_00007FF77C3155C0 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Code function: 0_2_00007FF77C379808 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF77C379808 |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 400000 |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 402000 |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 43C000 |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 43E000 |
Jump to behavior |
Source: C:\Users\user\Desktop\T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe base: 11FE008 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: Yara match |
File source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.00000000032B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: jsc.exe PID: 6368, type: MEMORYSTR |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe |
Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities |
Jump to behavior |
Source: Yara match |
File source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: jsc.exe PID: 6368, type: MEMORYSTR |
Source: Yara match |
File source: 3.2.jsc.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e187aac8.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe.286e1840090.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000003.00000002.3232681836.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.000000000328E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.00000000032B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.3233652969.0000000003241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1980910200.00000286E183A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: T#U00dcB#U0130TAK SAGE TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130 sxlx..exe PID: 6548, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: jsc.exe PID: 6368, type: MEMORYSTR |