Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00154696 GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00154696 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015C93C FindFirstFileW,FindClose, |
0_2_0015C93C |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_0015C9C7 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0015F200 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0015F35D |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
0_2_0015F65E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00153A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00153A2B |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00153D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00153D4E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
0_2_0015BF27 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h |
2_2_0291DEF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 02EFE4C5h |
2_2_02EFE307 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 02EFF781h |
2_2_02EFF4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 02EFE4C5h |
2_2_02EFE514 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
2_2_02EFE9E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 02EFFBD9h |
2_2_02EFF92B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053B021Dh |
2_2_053B0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053B0BA7h |
2_2_053B0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053B24ADh |
2_2_053B2090 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053B1D39h |
2_2_053B1A88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BEFE1h |
2_2_053BED38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BF439h |
2_2_053BF190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BF891h |
2_2_053BF5E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BC471h |
2_2_053BC1C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BE2D9h |
2_2_053BE030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BE731h |
2_2_053BE488 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053B24ADh |
2_2_053B2081 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BEB89h |
2_2_053BE8E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BD5D1h |
2_2_053BD328 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BDA29h |
2_2_053BD780 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053B24ADh |
2_2_053B23DB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BDE81h |
2_2_053BDBD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BC8C9h |
2_2_053BC620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BCD21h |
2_2_053BCA78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BFCE9h |
2_2_053BFA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 053BD179h |
2_2_053BCED0 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 202.4.96.3 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030BC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: RegSvcs.exe, 00000002.00000002.3772899142.0000000002F61000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000002.00000002.3772899142.0000000002F61000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000002.00000002.3776103096.0000000005433000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3770897205.0000000000E56000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3776103096.0000000005433000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: RegSvcs.exe, 00000002.00000002.3770897205.0000000000E56000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3770897205.0000000000E56000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3776103096.0000000005433000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3776103096.0000000005433000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0 |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://logosbd.net |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.00000000030BC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.logosbd.net |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3770897205.0000000000E56000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3776103096.0000000005433000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: RegSvcs.exe, 00000002.00000002.3772899142.0000000002F61000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RegSvcs.exe, 00000002.00000002.3772899142.000000000304C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.000000000304C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: RegSvcs.exe, 00000002.00000002.3772899142.000000000304C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: RegSvcs.exe, 00000002.00000002.3772899142.000000000304C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:849224%0D%0ADate%20a |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegSvcs.exe, 00000002.00000002.3772899142.0000000003113000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.000000000306F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegSvcs.exe, 00000002.00000002.3772899142.000000000304C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000003025000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000002FB6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000002.00000002.3772899142.0000000003025000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: RegSvcs.exe, 00000002.00000002.3772899142.000000000304C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000002FDF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000003025000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: RegSvcs.exe, 00000002.00000002.3772899142.00000000030CC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3776103096.0000000005433000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegSvcs.exe, 00000002.00000002.3774685263.0000000004238000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RegSvcs.exe, 00000002.00000002.3772899142.0000000003113000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.0000000003104000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3772899142.000000000306F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: RegSvcs.exe, 00000002.00000002.3772899142.000000000310E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lB |
Source: 2.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 0.2.rcrypt.exe.33b0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2a79a56.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2a79a56.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2a79a56.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2e60000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2e60000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2e60000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2e60000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2e60000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2e60000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2a79a56.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2a79a56.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2a79a56.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b60ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b60ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2b60ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2a7a93e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2a7a93e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2a7a93e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b60000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b60000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2b60000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b60ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b60ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2b60ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b60000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b60000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2b60000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2a7a93e.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2a7a93e.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.RegSvcs.exe.2a7a93e.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000000.00000002.1319524168.00000000033B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.3769801925.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: Process Memory Space: RegSvcs.exe PID: 7692, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_000FE800 |
0_2_000FE800 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0011DBB5 |
0_2_0011DBB5 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0017804A |
0_2_0017804A |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_000FE060 |
0_2_000FE060 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00104140 |
0_2_00104140 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00112405 |
0_2_00112405 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00126522 |
0_2_00126522 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0012267E |
0_2_0012267E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00170665 |
0_2_00170665 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0011283A |
0_2_0011283A |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00106843 |
0_2_00106843 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_001289DF |
0_2_001289DF |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00108A0E |
0_2_00108A0E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00126A94 |
0_2_00126A94 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00170AE2 |
0_2_00170AE2 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00158B13 |
0_2_00158B13 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0014EB07 |
0_2_0014EB07 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0011CD61 |
0_2_0011CD61 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00127006 |
0_2_00127006 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0010710E |
0_2_0010710E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00103190 |
0_2_00103190 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_000F1287 |
0_2_000F1287 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_001133C7 |
0_2_001133C7 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0011F419 |
0_2_0011F419 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00105680 |
0_2_00105680 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_001116C4 |
0_2_001116C4 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_001178D3 |
0_2_001178D3 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_001058C0 |
0_2_001058C0 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00111BB8 |
0_2_00111BB8 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00129D05 |
0_2_00129D05 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_000FFE40 |
0_2_000FFE40 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00111FD0 |
0_2_00111FD0 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0011BFE6 |
0_2_0011BFE6 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_016F35F0 |
0_2_016F35F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00408C60 |
2_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0040DC11 |
2_2_0040DC11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00407C3F |
2_2_00407C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00418CCC |
2_2_00418CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00406CA0 |
2_2_00406CA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_004028B0 |
2_2_004028B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0041A4BE |
2_2_0041A4BE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00418244 |
2_2_00418244 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00401650 |
2_2_00401650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00402F20 |
2_2_00402F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_004193C4 |
2_2_004193C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00418788 |
2_2_00418788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00402F89 |
2_2_00402F89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00402B90 |
2_2_00402B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_004073A0 |
2_2_004073A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_029112B0 |
2_2_029112B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_029112C0 |
2_2_029112C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0291154F |
2_2_0291154F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02911560 |
2_2_02911560 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFB300 |
2_2_02EFB300 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EF9318 |
2_2_02EF9318 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EF41E2 |
2_2_02EF41E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFC160 |
2_2_02EFC160 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFC43F |
2_2_02EFC43F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFB5E0 |
2_2_02EFB5E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFBBA1 |
2_2_02EFBBA1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFB8C0 |
2_2_02EFB8C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFD890 |
2_2_02EFD890 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EF5820 |
2_2_02EF5820 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFBE7F |
2_2_02EFBE7F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFAE58 |
2_2_02EFAE58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EF5E58 |
2_2_02EF5E58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EF3069 |
2_2_02EF3069 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFB020 |
2_2_02EFB020 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFF4C8 |
2_2_02EFF4C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFD881 |
2_2_02EFD881 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFE9E8 |
2_2_02EFE9E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFE9D8 |
2_2_02EFE9D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02EFF92B |
2_2_02EFF92B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B4150 |
2_2_053B4150 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B9198 |
2_2_053B9198 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B8450 |
2_2_053B8450 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B0040 |
2_2_053B0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B0C90 |
2_2_053B0C90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B1388 |
2_2_053B1388 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B1A88 |
2_2_053B1A88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BED38 |
2_2_053BED38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BED28 |
2_2_053BED28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B4143 |
2_2_053B4143 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BC1B8 |
2_2_053BC1B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BF190 |
2_2_053BF190 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B9188 |
2_2_053B9188 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BF181 |
2_2_053BF181 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BF5E8 |
2_2_053BF5E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BF5D8 |
2_2_053BF5D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BC1C8 |
2_2_053BC1C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BE030 |
2_2_053BE030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BE020 |
2_2_053BE020 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B0006 |
2_2_053B0006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BE478 |
2_2_053BE478 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B7CB8 |
2_2_053B7CB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BE488 |
2_2_053BE488 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B0C80 |
2_2_053B0C80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BE8E0 |
2_2_053BE8E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BE8D0 |
2_2_053BE8D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B7CC8 |
2_2_053B7CC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BD328 |
2_2_053BD328 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BD319 |
2_2_053BD319 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B1378 |
2_2_053B1378 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BD770 |
2_2_053BD770 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BD780 |
2_2_053BD780 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BDBD8 |
2_2_053BDBD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BDBC8 |
2_2_053BDBC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BFA30 |
2_2_053BFA30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BC620 |
2_2_053BC620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BC610 |
2_2_053BC610 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BCA78 |
2_2_053BCA78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B1A78 |
2_2_053B1A78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053B8670 |
2_2_053B8670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BCA68 |
2_2_053BCA68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BFA40 |
2_2_053BFA40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BCED0 |
2_2_053BCED0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_053BCEC3 |
2_2_053BCEC3 |
Source: 2.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 0.2.rcrypt.exe.33b0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 2.2.RegSvcs.exe.2a79a56.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2a79a56.2.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2a79a56.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2e60000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2e60000.5.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2e60000.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2e60000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2e60000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2e60000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2a79a56.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2a79a56.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2a79a56.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b60ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b60ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2b60ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2a7a93e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2a7a93e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2a7a93e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b60000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b60000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2b60000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b60ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b60ee8.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2b60ee8.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b60000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b60000.4.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2b60000.4.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2a7a93e.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2a7a93e.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.RegSvcs.exe.2a7a93e.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000000.00000002.1319524168.00000000033B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000002.00000002.3772038405.0000000002A39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.3769801925.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000002.00000002.3772636346.0000000002E60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000002.00000002.3772208860.0000000002B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: Process Memory Space: RegSvcs.exe PID: 7692, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599124 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598995 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598887 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598452 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597906 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597685 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597576 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596922 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596593 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596470 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595903 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595796 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595687 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595249 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594593 |
Jump to behavior |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00154696 GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00154696 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015C93C FindFirstFileW,FindClose, |
0_2_0015C93C |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_0015C9C7 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0015F200 |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0015F35D |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
0_2_0015F65E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00153A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00153A2B |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_00153D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00153D4E |
Source: C:\Users\user\Desktop\rcrypt.exe |
Code function: 0_2_0015BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
0_2_0015BF27 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599124 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598995 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598887 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598452 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597906 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597685 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597576 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596922 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596593 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596470 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595903 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595796 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595687 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595249 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594593 |
Jump to behavior |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696497155j |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696497155t |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696497155] |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696497155|UE |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696497155o |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3770897205.0000000000E45000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696497155x |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696497155h |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696497155n |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696497155d |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696497155x |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696497155} |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696497155^ |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696497155u |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696497155f |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696497155 |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696497155t |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696497155s |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696497155} |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696497155~ |
Source: RegSvcs.exe, 00000002.00000002.3774685263.00000000042C6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696497155x |