Source: Server.exe, 00000000.00000000.2017217921.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: autorun.inf |
Source: Server.exe, 00000000.00000000.2017217921.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: [autorun] |
Source: Server.exe, 00000000.00000002.2085744740.0000000003631000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: autorun.inf |
Source: Server.exe, 00000000.00000002.2085744740.0000000003631000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: [autorun] |
Source: server.exe, 00000002.00000002.4476615014.00000000026C1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: autorun.inf |
Source: server.exe, 00000002.00000002.4476615014.00000000026C1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: [autorun] |
Source: Server.exe | Binary or memory string: autorun.inf |
Source: Server.exe | Binary or memory string: [autorun] |
Source: 73e4ea7af59bea49b79c8c5f799f272d.exe.2.dr | Binary or memory string: autorun.inf |
Source: 73e4ea7af59bea49b79c8c5f799f272d.exe.2.dr | Binary or memory string: [autorun] |
Source: server.exe.0.dr | Binary or memory string: autorun.inf |
Source: server.exe.0.dr | Binary or memory string: [autorun] |
Source: Server.exe, type: SAMPLE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: Server.exe, type: SAMPLE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: Server.exe, type: SAMPLE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0.0.Server.exe.fd0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0.0.Server.exe.fd0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0.0.Server.exe.fd0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000000.00000000.2017217921.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000000.00000000.2017217921.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73e4ea7af59bea49b79c8c5f799f272d.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73e4ea7af59bea49b79c8c5f799f272d.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73e4ea7af59bea49b79c8c5f799f272d.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED | Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: Server.exe, type: SAMPLE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: Server.exe, type: SAMPLE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: Server.exe, type: SAMPLE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0.0.Server.exe.fd0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0.0.Server.exe.fd0000.0.unpack, type: UNPACKEDPE | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0.0.Server.exe.fd0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000000.00000000.2017217921.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000000.00000000.2017217921.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73e4ea7af59bea49b79c8c5f799f272d.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73e4ea7af59bea49b79c8c5f799f272d.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\73e4ea7af59bea49b79c8c5f799f272d.exe, type: DROPPED | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED | Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED | Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Memory allocated: 1970000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Memory allocated: 3630000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\Desktop\Server.exe | Memory allocated: 5630000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 890000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 26C0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 46C0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: D50000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 2A60000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: D80000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 1120000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 2FB0000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 4FB0000 memory commit | memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: B00000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 2790000 memory reserve | memory write watch | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\server.exe | Memory allocated: 4790000 memory commit | memory reserve | memory write watch | Jump to behavior |