Source: http://ddos.dnsnb8.net:799/cj//k3.rar | URL Reputation: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k2.rar | URL Reputation: Label: malware |
Source: https://snuggleapplicationswo.fun/y | Avira URL Cloud: Label: malware |
Source: healthproline.pro | Avira URL Cloud: Label: malware |
Source: https://strainriskpropos.store/api | Avira URL Cloud: Label: malware |
Source: https://telephoneverdictyow.site/ | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k1.rar | URL Reputation: Label: malware |
Source: telephoneverdictyow.site | Avira URL Cloud: Label: malware |
Source: https://strainriskpropos.store:443/api7 | Avira URL Cloud: Label: malware |
Source: https://strainriskpropos.store/apii9 | Avira URL Cloud: Label: malware |
Source: https://telephoneverdictyow.site/7 | Avira URL Cloud: Label: malware |
Source: https://telephoneverdictyow.site/8 | Avira URL Cloud: Label: malware |
Source: https://theoryapparatusjuko.fun/ | Avira URL Cloud: Label: malware |
Source: smallrabbitcrossing.site | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarTq | Avira URL Cloud: Label: malware |
Source: https://theoryapparatusjuko.fun/api | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarO | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarDC: | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k2.rarl | Avira URL Cloud: Label: malware |
Source: https://punchtelephoneverdi.store/ | Avira URL Cloud: Label: malware |
Source: https://strainriskpropos.store/ | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k3.raroC: | Avira URL Cloud: Label: malware |
Source: https://strainriskpropos.store/apiG | Avira URL Cloud: Label: malware |
Source: theoryapparatusjuko.fun | Avira URL Cloud: Label: malware |
Source: https://smallrabbitcrossing.site/ | Avira URL Cloud: Label: malware |
Source: snuggleapplicationswo.fun | Avira URL Cloud: Label: malware |
Source: http://ddos.dnsnb8.net:799/cj//k3.rar4 | Avira URL Cloud: Label: phishing |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarc | Avira URL Cloud: Label: phishing |
Source: https://smallrabbitcrossing.site/M | Avira URL Cloud: Label: malware |
Source: C:\Program Files\7-Zip\Uninstall.exe | Avira: detection malicious, Label: W32/Jadtre.B |
Source: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe | Avira: detection malicious, Label: W32/Jadtre.B |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Avira: detection malicious, Label: TR/Dldr.Small.Z.haljq |
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Avira: detection malicious, Label: W32/Jadtre.B |
Source: Lisect_AVT_24003_G1A_70.exe.7464.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["strainriskpropos.stor", "telephoneverdictyow.site", "punchtelephoneverdi.stor", "smallrabbitcrossing.site", "smallrabbitcrossing.site", "snuggleapplicationswo.fun", "theoryapparatusjuko.fun", "healthproline.pro", "strainriskpropos.stor", "telephoneverdictyow.site", "punchtelephoneverdi.stor", "smallrabbitcrossing.site", "smallrabbitcrossing.site", "snuggleapplicationswo.fun", "theoryapparatusjuko.fun", "healthproline.pro"], "Build id": "kPnM2L--LogsDillerCloud"} |
Source: ddos.dnsnb8.net | Virustotal: Detection: 12% | Perma Link |
Source: strainriskpropos.store | Virustotal: Detection: 21% | Perma Link |
Source: snuggleapplicationswo.fun | Virustotal: Detection: 21% | Perma Link |
Source: telephoneverdictyow.site | Virustotal: Detection: 21% | Perma Link |
Source: punchtelephoneverdi.store | Virustotal: Detection: 20% | Perma Link |
Source: smallrabbitcrossing.site | Virustotal: Detection: 21% | Perma Link |
Source: healthproline.pro | Virustotal: Detection: 10% | Perma Link |
Source: theoryapparatusjuko.fun | Virustotal: Detection: 20% | Perma Link |
Source: healthproline.pro | Virustotal: Detection: 10% | Perma Link |
Source: https://strainriskpropos.store/api | Virustotal: Detection: 18% | Perma Link |
Source: https://strainriskpropos.store:443/api7 | Virustotal: Detection: 7% | Perma Link |
Source: https://telephoneverdictyow.site/ | Virustotal: Detection: 19% | Perma Link |
Source: smallrabbitcrossing.site | Virustotal: Detection: 21% | Perma Link |
Source: telephoneverdictyow.site | Virustotal: Detection: 21% | Perma Link |
Source: https://theoryapparatusjuko.fun/ | Virustotal: Detection: 20% | Perma Link |
Source: https://theoryapparatusjuko.fun/api | Virustotal: Detection: 18% | Perma Link |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarDC: | Virustotal: Detection: 9% | Perma Link |
Source: http://ddos.dnsnb8.net:799/cj//k2.rarl | Virustotal: Detection: 10% | Perma Link |
Source: https://strainriskpropos.store/apiG | Virustotal: Detection: 17% | Perma Link |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarO | Virustotal: Detection: 12% | Perma Link |
Source: theoryapparatusjuko.fun | Virustotal: Detection: 20% | Perma Link |
Source: https://smallrabbitcrossing.site/ | Virustotal: Detection: 22% | Perma Link |
Source: https://strainriskpropos.store/ | Virustotal: Detection: 21% | Perma Link |
Source: http://ddos.dnsnb8.net:799/cj//k3.raroC: | Virustotal: Detection: 14% | Perma Link |
Source: http://ddos.dnsnb8.net:799/cj//k3.rar4 | Virustotal: Detection: 14% | Perma Link |
Source: https://punchtelephoneverdi.store/ | Virustotal: Detection: 20% | Perma Link |
Source: snuggleapplicationswo.fun | Virustotal: Detection: 21% | Perma Link |
Source: http://ddos.dnsnb8.net:799/cj//k1.rarc | Virustotal: Detection: 11% | Perma Link |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: strainriskpropos.stor |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: telephoneverdictyow.site |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: punchtelephoneverdi.stor |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: smallrabbitcrossing.site |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: snuggleapplicationswo.fun |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: theoryapparatusjuko.fun |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: healthproline.pro |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5 |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton: |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory: |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: - |
Source: 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: kPnM2L--LogsDillerCloud |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\ | Jump to behavior |
Source: Malware configuration extractor | URLs: strainriskpropos.stor |
Source: Malware configuration extractor | URLs: telephoneverdictyow.site |
Source: Malware configuration extractor | URLs: punchtelephoneverdi.stor |
Source: Malware configuration extractor | URLs: smallrabbitcrossing.site |
Source: Malware configuration extractor | URLs: smallrabbitcrossing.site |
Source: Malware configuration extractor | URLs: snuggleapplicationswo.fun |
Source: Malware configuration extractor | URLs: theoryapparatusjuko.fun |
Source: Malware configuration extractor | URLs: healthproline.pro |
Source: Malware configuration extractor | URLs: strainriskpropos.stor |
Source: Malware configuration extractor | URLs: telephoneverdictyow.site |
Source: Malware configuration extractor | URLs: punchtelephoneverdi.stor |
Source: Malware configuration extractor | URLs: smallrabbitcrossing.site |
Source: Malware configuration extractor | URLs: smallrabbitcrossing.site |
Source: Malware configuration extractor | URLs: snuggleapplicationswo.fun |
Source: Malware configuration extractor | URLs: theoryapparatusjuko.fun |
Source: Malware configuration extractor | URLs: healthproline.pro |
Source: oHOvZLBf.exe, 00000002.00000002.1539334035.0000000000DF3000.00000002.00000001.01000000.00000004.sdmp, oHOvZLBf.exe, 00000002.00000003.1289900252.00000000007F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rar |
Source: oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rarDC: |
Source: oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rarO |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000BCE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rarTq |
Source: oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C52000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k1.rarc |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000BF6000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k2.rar |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k2.rarl |
Source: oHOvZLBf.exe, 00000002.00000002.1539440567.000000000289A000.00000004.00000010.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rar |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rar4 |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.raroC: |
Source: Amcache.hve.2.dr | String found in binary or memory: http://upx.sf.net |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.activestate.com |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.activestate.comHolger |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.baanboard.com |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.baanboard.comBrendon |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.develop.com |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.develop.comDeepak |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.lua.org |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.rftp.com |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.rftp.comJosiah |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.scintilla.org |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.scintilla.org/scite.rng |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.spaceblue.com |
Source: SciTE.exe.2.dr | String found in binary or memory: http://www.spaceblue.comMathias |
Source: oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C52000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C52000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.comJq |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://punchtelephoneverdi.store/ |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://smallrabbitcrossing.site/ |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://smallrabbitcrossing.site/M |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://snuggleapplicationswo.fun/y |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342368005.0000000001EE3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://strainriskpropos.store/ |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337504737.0000000001EFD000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342559578.0000000001EF9000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001EF9000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342559578.0000000001EFD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://strainriskpropos.store/api |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://strainriskpropos.store/apiG |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337504737.0000000001EFD000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342559578.0000000001EFD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://strainriskpropos.store/apii9 |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337504737.0000000001EEB000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342368005.0000000001EF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://strainriskpropos.store:443/api7 |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://telephoneverdictyow.site/ |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://telephoneverdictyow.site/7 |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://telephoneverdictyow.site/8 |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://theoryapparatusjuko.fun/ |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1337936959.0000000001F12000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342700657.0000000001F15000.00000004.00000020.00020000.00000000.sdmp, Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1338255788.0000000001F14000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://theoryapparatusjuko.fun/api |
Source: SciTE.exe.2.dr | String found in binary or memory: https://www.smartsharesystems.com/ |
Source: SciTE.exe.2.dr | String found in binary or memory: https://www.smartsharesystems.com/Morten |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: ;Mu |
Source: MyProg.exe.2.dr | Static PE information: section name: Y|uR |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: ntvdm64.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: ntvdm64.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: ntvdm64.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Section loaded: version.dll | Jump to behavior |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: .imports |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: .themida |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: .boot |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: ;Mu |
Source: oHOvZLBf.exe.0.dr | Static PE information: section name: .aspack |
Source: oHOvZLBf.exe.0.dr | Static PE information: section name: .adata |
Source: SciTE.exe.2.dr | Static PE information: section name: u |
Source: Uninstall.exe.2.dr | Static PE information: section name: EpNuZ |
Source: MyProg.exe.2.dr | Static PE information: section name: PELIB |
Source: MyProg.exe.2.dr | Static PE information: section name: Y|uR |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: entropy: 7.961868081494972 |
Source: Lisect_AVT_24003_G1A_70.exe | Static PE information: section name: ;Mu entropy: 6.935039632025298 |
Source: oHOvZLBf.exe.0.dr | Static PE information: section name: .text entropy: 7.81169422100848 |
Source: SciTE.exe.2.dr | Static PE information: section name: u entropy: 6.933628777130411 |
Source: Uninstall.exe.2.dr | Static PE information: section name: EpNuZ entropy: 6.934522898773344 |
Source: MyProg.exe.2.dr | Static PE information: section name: Y|uR entropy: 6.934569393442332 |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\ | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\ | Jump to behavior |
Source: Amcache.hve.2.dr | Binary or memory string: VMware |
Source: Amcache.hve.2.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.2.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.2.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.2.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.2.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.2.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.2.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C43000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C43000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000C6C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: Amcache.hve.2.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.2.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.2.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.2.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000002.1342368005.0000000001EE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.2.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.2.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.2.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.2.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.2.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.2.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.2.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.2.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: oHOvZLBf.exe, 00000002.00000002.1538999460.0000000000BF6000.00000004.00000020.00020000.00000000.sdmp, oHOvZLBf.exe, 00000002.00000003.1308206699.0000000000BF8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWG |
Source: Amcache.hve.2.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.2.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.2.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.2.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.2.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.2.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.2.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.2.dr | Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d |
Source: Amcache.hve.2.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Open window title or class name: regmonclass |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Open window title or class name: procmon_window_class |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Open window title or class name: filemonclass |
Source: C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: strainriskpropos.stor |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: telephoneverdictyow.site |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: punchtelephoneverdi.stor |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: smallrabbitcrossing.site |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: snuggleapplicationswo.fun |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: theoryapparatusjuko.fun |
Source: Lisect_AVT_24003_G1A_70.exe, 00000000.00000003.1326537394.00000000009F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: healthproline.pro |