Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 6.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.raw.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.raw.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.raw.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.raw.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.raw.unpack, type: UNPACKEDPE |
Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen |
Source: Process Memory Space: LisectAVT_2403002A_35.exe PID: 7756, type: MEMORYSTR |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 6.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload |
Source: Process Memory Space: LisectAVT_2403002A_35.exe PID: 7756, type: MEMORYSTR |
Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Section loaded: windowscodecs.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vaultcli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasapi32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasman.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rtutils.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: fwpuclnt.dll |
Source: LisectAVT_2403002A_35.exe, Zi62.cs |
.Net Code: NewLateBinding.LateCall(frmkolix, (Type)null, "InvokeAsync", obj, (string[])null, (Type[])null, array2 = new bool[4] { false, false, true, true }, true) |
Source: LisectAVT_2403002A_35.exe, Eg0b.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true) |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_00E6D99F push 5D0C50FFh; ret |
0_2_00E6D99C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_02777414 push edi; retf |
0_2_02777415 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05A37798 push eax; retf |
0_2_05A37799 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CD88CB push eax; iretd |
0_2_05CD8919 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEE5EB pushfd ; retf |
0_2_05CEE5F2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE140B push es; retf |
0_2_05CE1412 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE1407 push es; retf |
0_2_05CE140A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE979B push edi; retf |
0_2_05CE97A2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE9799 push edi; retf |
0_2_05CE979A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEA773 pushad ; retf |
0_2_05CEA77A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEA771 pushad ; retf |
0_2_05CEA772 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE9718 push edi; retf |
0_2_05CE971A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE96E9 push esi; retf |
0_2_05CE96EA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE96B3 push esi; retf |
0_2_05CE96BA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE96B0 push esi; retf |
0_2_05CE96B2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE9621 push esi; retf |
0_2_05CE9622 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEE1DB pushfd ; retf |
0_2_05CEE392 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE91E9 push edx; retf |
0_2_05CE91EA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE9123 push ecx; retf |
0_2_05CE912A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEE39B pushfd ; retf |
0_2_05CEE5EA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE1351 push es; retf |
0_2_05CE1352 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE2364 push eax; retf |
0_2_05CE3911 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE1373 push es; retf |
0_2_05CE137A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE1370 push es; retf |
0_2_05CE1372 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE8DBF push eax; retf |
0_2_05CE8E12 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE8F23 push eax; retf |
0_2_05CE8F2A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE8F20 push eax; retf |
0_2_05CE8F22 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE8EF0 push eax; retf |
0_2_05CE8EF2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEA913 pushad ; retf |
0_2_05CEA91A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CE9809 push edi; retf |
0_2_05CE980A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Code function: 0_2_05CEE813 push 9805CB9Dh; iretd |
0_2_05CEE81D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_35.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Yara match |
File source: dump.pcap, type: PCAP |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.39ba7f2.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.397f722.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.3944642.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.3a6ba30.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.LisectAVT_2403002A_35.exe.3a30972.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000006.00000002.2660172800.000000000309E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000006.00000002.2657339981.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000006.00000002.2660172800.0000000003051000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.2119612704.0000000003909000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.2119612704.0000000003A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: LisectAVT_2403002A_35.exe PID: 7756, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: RegAsm.exe PID: 756, type: MEMORYSTR |