Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://KMcLhe.com |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003718000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://b6QQBzu4tg.com |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://b6QQBzu4tg.comt- |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: LisectAVT_2403002A_19.exe | String found in binary or memory: http://www.phapsoftware.hotgoo.net |
Source: LisectAVT_2403002A_19.exe | String found in binary or memory: http://www.phapsoftware.hotgoo.net)C |
Source: LisectAVT_2403002A_19.exe | String found in binary or memory: http://www.phapsoftware.hotgoo.net: |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%4 |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_19.exe, 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown |
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_0244E2E8 | 0_2_0244E2E8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_0244C8F4 | 0_2_0244C8F4 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_0244196C | 0_2_0244196C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059C5650 | 0_2_059C5650 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059C5DB8 | 0_2_059C5DB8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059C88C8 | 0_2_059C88C8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B3C4F8 | 0_2_05B3C4F8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B3D580 | 0_2_05B3D580 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B30006 | 0_2_05B30006 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B30040 | 0_2_05B30040 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_0706F700 | 0_2_0706F700 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_07062CBC | 0_2_07062CBC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_07067870 | 0_2_07067870 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EA608 | 0_2_070EA608 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070E92B6 | 0_2_070E92B6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EB021 | 0_2_070EB021 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070E9E60 | 0_2_070E9E60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070E2E88 | 0_2_070E2E88 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE6CE | 0_2_070EE6CE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE4BA | 0_2_070EE4BA |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE4C0 | 0_2_070EE4C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE228 | 0_2_070EE228 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE222 | 0_2_070EE222 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE012 | 0_2_070EE012 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EE020 | 0_2_070EE020 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070ECE40 | 0_2_070ECE40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070E9E5E | 0_2_070E9E5E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070ECE50 | 0_2_070ECE50 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070EDCA0 | 0_2_070EDCA0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070ED981 | 0_2_070ED981 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_070ED990 | 0_2_070ED990 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C1D68 | 0_2_077C1D68 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C99C0 | 0_2_077C99C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C884A | 0_2_077C884A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C0FE0 | 0_2_077C0FE0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C0FDD | 0_2_077C0FDD |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C3270 | 0_2_077C3270 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C3240 | 0_2_077C3240 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C6AE8 | 0_2_077C6AE8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C6EC8 | 0_2_077C6EC8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C7132 | 0_2_077C7132 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C7104 | 0_2_077C7104 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C2C48 | 0_2_077C2C48 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C2C38 | 0_2_077C2C38 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C64D8 | 0_2_077C64D8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C70D3 | 0_2_077C70D3 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C18A0 | 0_2_077C18A0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_077C1890 | 0_2_077C1890 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016CA918 | 3_2_016CA918 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016CD32D | 3_2_016CD32D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016C8338 | 3_2_016C8338 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016CC338 | 3_2_016CC338 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016C4EB0 | 3_2_016C4EB0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016C7F60 | 3_2_016C7F60 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_016C3330 | 3_2_016C3330 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_0175E500 | 3_2_0175E500 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_017528C8 | 3_2_017528C8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01757E5E | 3_2_01757E5E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_0175B2E0 | 3_2_0175B2E0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01754055 | 3_2_01754055 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_017540A8 | 3_2_017540A8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01757710 | 3_2_01757710 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_018447B4 | 3_2_018447B4 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01845D08 | 3_2_01845D08 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_018469F1 | 3_2_018469F1 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01845CC3 | 3_2_01845CC3 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01911548 | 3_2_01911548 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01913420 | 3_2_01913420 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_01919140 | 3_2_01919140 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_0666C330 | 3_2_0666C330 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_06664018 | 3_2_06664018 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_066648E8 | 3_2_066648E8 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_06663CD0 | 3_2_06663CD0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 3_2_0666D090 | 3_2_0666D090 |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.0000000003877000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameStoreElement.dllB vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000000.2095078039.000000000031C000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameTransform.exe> vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2133894157.000000000087E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2139898296.0000000007980000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameStoreElement.dllB vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameConfigNodeType.dll> vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemelMAmtZMwaCsjWTKCJLFbgvBrBIVp.exe4 vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemelMAmtZMwaCsjWTKCJLFbgvBrBIVp.exe4 vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2139548814.00000000070C0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameConfigNodeType.dll> vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemelMAmtZMwaCsjWTKCJLFbgvBrBIVp.exe4 vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4555594381.0000000001337000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs LisectAVT_2403002A_19.exe |
Source: LisectAVT_2403002A_19.exe | Binary or memory string: OriginalFilenameTransform.exe> vs LisectAVT_2403002A_19.exe |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR | Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20 |
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: scrrun.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_0244196C pushfd ; iretd | 0_2_0244189A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059CB7BA push ss; retf | 0_2_059CB7C6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059CB7F7 push ss; retf | 0_2_059CB7C6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059CB3DA push ss; retf | 0_2_059CB3E6 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059CBC48 push ss; retf | 0_2_059CBC56 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059CAFA2 push ss; retf | 0_2_059CAFAE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_059C3E5F push ss; retf | 0_2_059C3E6E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B361B2 push esp; ret | 0_2_05B361B9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B333BF push cs; retf | 0_2_05B333CE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B33978 push cs; retf | 0_2_05B33986 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B35B48 push esp; retf | 0_2_05B35B57 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B53DB9 push cs; retf | 0_2_05B53DBB |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B4FDA7 push 0C8D8BFFh; iretd | 0_2_05B4FDAC |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B4EDAD push cs; retf | 0_2_05B4EDAE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B53D8D push cs; retf | 0_2_05B53D8E |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B525FE push cs; retf | 0_2_05B525FF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B4EDE4 push cs; retf | 0_2_05B4EDE5 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B4FDE5 push cs; retf | 0_2_05B4FDE7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B53D3E push ss; retf | 0_2_05B53D40 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B53538 push cs; retf | 0_2_05B5353A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B5452D push cs; retf | 0_2_05B5452F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B5052C push ss; retf | 0_2_05B5052D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B5351B push cs; retf | 0_2_05B5351D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B54D01 push cs; retf | 0_2_05B54D02 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B5650C push cs; retf | 0_2_05B5650D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B50575 push cs; retf | 0_2_05B50576 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B4FD56 push cs; retf | 0_2_05B4FD58 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B53D56 push ss; retf | 0_2_05B53D57 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B5454A push cs; retf | 0_2_05B5454C |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B55CBD push cs; retf | 0_2_05B55CBF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Code function: 0_2_05B51CBB push cs; retf | 0_2_05B51CBC |
Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs | High entropy of concatenated method names: 'K6vBdJtEV9CtgiF4530', 'K43VbotkfxV3XGKTbI2', 'vA9qhjtrhDfhrGAGNQu', 'WuwJyZtC1yqYHqUdBJ4', 'xq44yGOdCs', 'EW59yAtLmGT2wOOw1yN', 'uDdCeAt1LxmphtCFHEf', 'uBoCq5tKrPeyXBcT0ST', 'd2Lk9XtmmG3ibUrqPNF', 'uvk6dDtOgEDxmtOQENJ' |
Source: LisectAVT_2403002A_19.exe, mbgRn93H9fOEwNi84F.cs | High entropy of concatenated method names: 'gpavuIes11', 'U7lvv7DE81', 'AlLvbEqqnF', 'q9RvJVabDm', 'RUdvdbmNa9', 'Vn9vDqVgXt', 'sVavSlFFFN', 'mfNvcM1Kev', 'EMKvsfn7hL', 'n2tv90WckO' |
Source: LisectAVT_2403002A_19.exe, B0GaMFGWZVBKutsWoi.cs | High entropy of concatenated method names: 'Y9M9nHSAgP', 'xCt9Yd93Hv', 'huh9HTvT4i', 'Pkm9lvRg9D', 'KIx92dUS3y', 'YUn9alya5E', 'Iea9L9MdKh', 'Oq5975mm0u', 'nCD9AeotIa', 'jVR9UfdQwE' |
Source: LisectAVT_2403002A_19.exe, MySettings.cs | High entropy of concatenated method names: 'AutoSaveSettings', 'PDspSdbGhXBl10f8eY', 'AwnGEFaOVq0AkHQfSj', 'sLpmOY2GZ73XIvN2MA', 'BSiQ1MQ7G7XGStQjTT', 'eJGd23BT1FU0NQutVJ', 'kXDDTIXfIy8gxsTheG', 'MByA9v887YvTBi88Os', 'QPO2JKWB2xgwsiRDDj', 'HM56sMVwPXTyLqKrKO' |
Source: LisectAVT_2403002A_19.exe, kYSGbrwSsqJeCXa50u.cs | High entropy of concatenated method names: 'yf4rbAM77', 'yW19v2yW1kyNTtI0of', 'qUuQrCd0BfbOCPuxgh', 'UsoLoB4JTp9mY53r8y', 'VaVkJ7mvBPnr9mTUYV', 'oF5bbMOFAISsIyHf8N', 'KkQSWrj9nvSnt5UHqm', 'Q6r6RvA3bTLEMVMBAH', 'rTyiif6lW5QnQaucP9' |
Source: LisectAVT_2403002A_19.exe, EnybaQYZHUfl0AY4Kv.cs | High entropy of concatenated method names: 'j0T9Zvjh2Z', 'QvB9m0ES8W', 'lH69X6Yix6', 'FolderExists', 'Vpg9VO8sPD', 'k99oHQ79wrylD9ywf3j', 'FB0WGK7RTqU5YvSZkn8', 'b4w8WY7GS9gJV7lrPoX', 'EkGqDA7lMB6yQPyVobi', 'UhMg0V7w5S5RqlcfOLD' |
Source: LisectAVT_2403002A_19.exe, Iwar6LTVyLJIYNFeKq.cs | High entropy of concatenated method names: 'eL1tej6pr', 'fwspAepvF', 'rmgzThSAa', 'mSjMNrJgQMa2rphhJy', 'nBJTWUIASttG8EpEJI', 'bXa0Bpq1igHJaxqtV7', 'm9e93nD2bFQMK7jDX6', 'qkiWGesOhosyoEWLEC', 'oUW6UyMcnU6tIicRkG', 'EqvJVrzdvkjRhZdkIf' |
Source: LisectAVT_2403002A_19.exe, kkvskdfeYkTCGH4QCu.cs | High entropy of concatenated method names: 'Dispose', 'WKb9uQT9Vb', 'knh9vMZOq7', 'MCd9bAwiqf', 'qkJ9JeZUgM', 'Fs1p3whAl2aAmiZ1nFd', 'ni6hJRh6oyorB6koGtN', 'sPHh6Jh2JWifSRRO1Zu', 'kDsPWIh4XbqxHn9bLCe', 'QfJjPBhjAQCpvGGub9J' |
Source: LisectAVT_2403002A_19.exe, diRugZnHpoqLNbmiVS.cs | High entropy of concatenated method names: 'uhXv6vMe8', 'OnCreateMainForm', 'crui29wf2R4wViCnQg', 'XoN2PrSJ2ptNOnXNtm', 'p61SJkTHwiDhooM9x9', 'RZFAhdgGTg4eqsRl9H', 'nldMgJHh78E71nWILm', 'Y8VhyvYEFadPh1NiEA', 'VBUWY5hOb20oKxnpc8', 'Vap7rqeCGNPD9VwiuV' |
Source: LisectAVT_2403002A_19.exe, NCnVCRCOcqiIrEJ2Pu.cs | High entropy of concatenated method names: 'Ho4hJYjReZ', 'XIIhDvpdRA', 'Equals', 'GetHashCode', 'u0chSCE64S', 'ToString', 'jSPGx87qHNGxeNr0bRB', 'hsBSf27Da93MQqJcApx', 'cHoEsg7vbNj9qB2rsCU', 'q9lfZ973o6DKKycg7hC' |
Source: LisectAVT_2403002A_19.exe, epnHaRKKxYFXWgnn30.cs | High entropy of concatenated method names: 'uxorhQaaj2S0j', 'cWVlx3cLBAC11E66TTw', 'TwHSvkc1tSnA3Ux0k0m', 'zxg0aicKmlkDakParkg', 'ytuRQpcpdEsx1WQBBFy', 'BGQOICcip7jN2oYhu5r', 'kWp4o2cmJ8YS0qv1fUN', 'K28E3scOK1PkS8yBc3h', 'c2Qkqbcyk8q5p2UxBDX', 'ydcG86cdEZ6S2hL708E' |
Source: LisectAVT_2403002A_19.exe, mM8S6l48iXbmSiYJgF.cs | High entropy of concatenated method names: 'bnS91NwTwQ', 'okE9wFLDU2', 'nBV9CtJvOk', 'e6M9r8DjQn', 'Pr79MlhNYn', 'A73ERP5iYp7bOlIKnAf', 'r26RP05LColFKafXCNQ', 'UIlr3251LytAd9CXBlb', 'SNgxYP5kCqhk1AVwHU9', 'w5LvtQ5puZmi7lUet0c' |
Source: LisectAVT_2403002A_19.exe, dddyjkdWYYf4iuTMYB.cs | High entropy of concatenated method names: 'WM1vgwflps', 'nsevPVyR9F', 'gyyvefoJ5v', 'joxvR74bBR', 'zWPvqNs3dI', 'g1rv5lh995', 'phEvN7dYyC', 'gGMvKr6xKV', 'FCJvfHHtow', 'C3Nv0jDerh' |
Source: LisectAVT_2403002A_19.exe, OOBG4wMoWIMqqZ8j4I.cs | High entropy of concatenated method names: 'Dispose', 'r8599q7Gpf', 'afReff5GGx', 'Drde0kA1yy', 'orA9hD0HDm', 'jXu944alXg', 'kIX9Ff9qEo', 'O3fuuNeCRe9SoYu4Xd8', 'IxTCnNeEdFBeJilE7Jj', 'apQWIwekOPgqfiFs1a2' |
Source: LisectAVT_2403002A_19.exe, hhPE52P5kOn4XIqs61.cs | High entropy of concatenated method names: 'eL49PwmL4U', 'nUv9eJrsr6', 'KXj9RVlmr7', 'a8k9qk0jd9', 'Its95EqrHY', 'hj6CQ2ftqdG7DWwdM6X', 'CpH5sTfrSlcvCVhbeck', 'RKwB3rfCy5Qm23Pa2CK', 'sMLInkf7mmIH3HBk76P', 'UF9DbafcPoobT4SidWl' |
Source: LisectAVT_2403002A_19.exe, jXoxD01lmspGfxigSN.cs | High entropy of concatenated method names: 'zjMK5baIf', 'fQj0AMJfs', 'dBvLupEuBZMksOmtHB', 'VGk2BSkI8TLYIcaENj', 'dqWHTmrKvZSVV8WHgF', 'RewEALCGk25BUxg8HA', 'fbKEAvp48RvKEnuMYH', 'x4eEoeipORC09bVMxD', 'Rro7YOLr0GDgTeYjkB', 'Aj71He1UXOoG44HYF6' |
Source: LisectAVT_2403002A_19.exe, i1mSeP8ShkOZGmKpbT.cs | High entropy of concatenated method names: 'LDA9NfaBm8', 'FO89KUEfEa', 'xA29fmILCR', 'RKj90bwgF0', 'qa79oLyEWL', 'wGM9Q0gXh3', 'O5Q9ECJc2Y', 'emx9IGk2rv', 'eBp9yfkd9D', 'Ac5eSI55BrD4JMp0a1o' |
Source: LisectAVT_2403002A_19.exe, VJYh0y0os2gJpvgGSw.cs | High entropy of concatenated method names: 'uhM9BOFA2d', 't5N9TrnjmT', 'sij9WETnjQ', 'CXZ9iRIlFV', 'F2Y98S7rph', 'UVwAWynLuYnEv8B09lO', 'NkUYYEn111lsEsbG5ji', 'LVwSocnKiWhw8Nj8Neo', 'BP57RHnmm2ahfLss318', 'puA8JInOuW8tyADTde9' |
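The rows above are a heuristic, not a signature match: the sandbox joins every method name of a class into one string and measures its Shannon entropy, which is high for renamed (obfuscated) members and low for readable ones. The block below is an added example that re-creates that measurement; it is not code from the report or from the analysed sample. The OBFUSCATED list is copied from the cH059DXZwiwMSJ2G47.cs row, the READABLE baseline is built from compiler- and framework-generated names that survive renaming and also appear in the rows above, and the 5.0 bits-per-character cut-off is an assumption, since the report's own threshold is not shown on the page.

```python
"""Added example (not part of the sandbox report or of the analysed sample):
the 'high entropy of concatenated method names' heuristic, re-created so the
rows above can be reproduced.  The 5.0-bit threshold is an assumption."""
import math
from collections import Counter

ENTROPY_THRESHOLD = 5.0   # assumption (bits per character); tune on your own corpus


def shannon_entropy(text: str) -> float:
    """Shannon entropy of `text` in bits per character; 0.0 for empty input."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def method_name_entropy(names) -> float:
    """Entropy of all method names of one class joined into a single string,
    which is the quantity the report rows measure."""
    return shannon_entropy("".join(names))


def looks_obfuscated(names, threshold: float = ENTROPY_THRESHOLD) -> bool:
    return method_name_entropy(names) >= threshold


# Copied verbatim from the report row for cH059DXZwiwMSJ2G47.cs.
OBFUSCATED = [
    "K6vBdJtEV9CtgiF4530", "K43VbotkfxV3XGKTbI2", "vA9qhjtrhDfhrGAGNQu",
    "WuwJyZtC1yqYHqUdBJ4", "xq44yGOdCs", "EW59yAtLmGT2wOOw1yN",
    "uDdCeAt1LxmphtCFHEf", "uBoCq5tKrPeyXBcT0ST", "d2Lk9XtmmG3ibUrqPNF",
    "uvk6dDtOgEDxmtOQENJ",
]
# Readable names the same report lists next to the renamed ones: overrides
# such as Dispose/Equals/GetHashCode/ToString and VB.NET application-framework
# members are not renamed by the obfuscator.
READABLE = [
    "Dispose", "Equals", "GetHashCode", "ToString",
    "OnCreateMainForm", "FolderExists", "AutoSaveSettings",
]


def score_classes(classes: dict) -> dict:
    """Map class name -> (entropy rounded to two decimals, flagged?)."""
    return {
        cls: (round(method_name_entropy(names), 2), looks_obfuscated(names))
        for cls, names in classes.items()
    }


if __name__ == "__main__":
    sample = {"cH059DXZwiwMSJ2G47": OBFUSCATED, "readable baseline": READABLE}
    for cls, (bits, flagged) in score_classes(sample).items():
        print(f"{cls:22s} {bits:.2f} bits/char  {'FLAG' if flagged else 'ok'}")
```

Two caveats when reading these rows: the score is computed per class, so a class with only a handful of short members is noisy, and a class that mixes surviving framework names with renamed ones (the NCnVCRCOcqiIrEJ2Pu.cs row, with Equals, GetHashCode and ToString among random strings) scores lower than a fully renamed one even though it is obfuscated to the same degree. Treat the rows as corroboration that a renaming obfuscator was applied, not as evidence about what the code does.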
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Process information set: NOOPENFILEERRORBOX (SetErrorMode with SEM_NOOPENFILEERRORBOX, which suppresses the error dialog Windows would otherwise show when a file cannot be found on load; this identical event is recorded 109 times in the run, which is routinely seen for .NET executables as assemblies are loaded and is not on its own an indicator of malicious intent) | Jump to behavior |
Source: LisectAVT_2403002A_19.exe | Binary or memory string: WvlkX0nHXu9RNOwHGFS |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware SVGA II |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2133894157.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_19.exe, 00000003.00000002.4556026872.0000000001648000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll (the Winsock catalog entry for the AF_HYPERV socket provider in mswsock.dll, present on every stock Windows 10 and later image; unlike the VMware strings above it is not evidence of VM detection by the sample) |
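The VMware rows above are the registry locations a VM-aware sample reads to decide whether it is running under VMware: the VMware Tools InstallPath key, the SCSI device identifiers under HARDWARE\DEVICEMAP\Scsi, the disk enumeration under Services\Disk\Enum, and the first display adapter under the {4D36E968-E325-11CE-BFC1-08002BE10318} device class, where a VMware guest reports "VMware SVGA II". The block below is an added example, not code from the report or from the sample, that applies those checks to a registry snapshot and, on a Windows host, reads the same keys live so an analyst can see what a sandbox image exposes. The value names (InstallPath, Identifier, DriverDesc, the numbered entries under Disk\Enum) follow the standard Windows registry layout and are an assumption, since the page shows only key paths; SAMPLE_VM and SAMPLE_BARE are constructed snapshots, not data captured from this run.

```python
"""Added example, not code from the report or from the sample: the VMware
registry artifacts quoted in the report rows, checked the way a VM-aware
sample checks them.  Value names are the standard Windows ones (assumed; the
page shows only key paths).  SAMPLE_VM / SAMPLE_BARE are constructed."""
import re

VMWARE = re.compile(r"vmware", re.IGNORECASE)

TOOLS_KEY = r"SOFTWARE\VMware, Inc.\VMware Tools"
DISK_ENUM_KEY = r"SYSTEM\ControlSet001\Services\Disk\Enum"
# {4D36E968-...} is the Display adapter device class; \0000 is the first adapter.
DISPLAY_KEY = r"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000"


def scsi_key(port: int) -> str:
    return rf"HARDWARE\DEVICEMAP\Scsi\Scsi Port {port}\Scsi Bus 0\Target Id 0\Logical Unit Id 0"


# (HKLM sub-key, value name; None means "every value under the key")
VM_CHECKS = [
    (TOOLS_KEY, "InstallPath"),
    (scsi_key(1), "Identifier"),
    (scsi_key(2), "Identifier"),
    (DISK_ENUM_KEY, None),
    (DISPLAY_KEY, "DriverDesc"),
]


def vm_artifacts(snapshot: dict) -> list:
    """snapshot maps HKLM sub-key -> {value name: data}.
    Returns (key, value name, data) for every value whose data mentions VMware."""
    hits = []
    for key, value_name in VM_CHECKS:
        values = snapshot.get(key)
        if values is None:                 # key absent: nothing to match
            continue
        if value_name is None:
            candidates = list(values.items())
        else:
            candidates = [(value_name, values.get(value_name))]
        for name, data in candidates:
            # REG_DWORD values such as Disk\Enum\Count are ints and are skipped.
            if isinstance(data, str) and VMWARE.search(data):
                hits.append((key, name, data))
    return hits


def snapshot_live() -> dict:
    """Read the same keys from the running Windows host; {} on other platforms."""
    try:
        import winreg
    except ImportError:
        return {}
    snap = {}
    for key, _ in VM_CHECKS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                values, index = {}, 0
                while True:
                    try:
                        name, data, _type = winreg.EnumValue(handle, index)
                    except OSError:        # no more values under this key
                        break
                    values[name] = data
                    index += 1
                snap[key] = values
        except OSError:                    # key does not exist on this host
            continue
    return snap


# Constructed snapshots (not captured from the sandbox run).
SAMPLE_VM = {
    TOOLS_KEY: {"InstallPath": "C:\\PROGRAM FILES\\VMWARE\\VMWARE TOOLS\\"},
    scsi_key(1): {"Identifier": "VMware  Virtual disk SCSI Disk Device"},
    DISK_ENUM_KEY: {"Count": 1,
                    "0": "SCSI\\Disk&Ven_VMware&Prod_Virtual_disk\\4&1a2b3c4d&0&000000"},
    DISPLAY_KEY: {"DriverDesc": "VMware SVGA II"},
}
SAMPLE_BARE = {
    scsi_key(1): {"Identifier": "Samsung SSD 870 EVO 1TB"},
    DISK_ENUM_KEY: {"Count": 1,
                    "0": "SCSI\\Disk&Ven_Samsung&Prod_SSD_870\\4&1a2b3c4d&0&000000"},
    DISPLAY_KEY: {"DriverDesc": "NVIDIA GeForce GTX 1060"},
}

if __name__ == "__main__":
    for label, snap in (("constructed VM", SAMPLE_VM),
                        ("constructed bare metal", SAMPLE_BARE),
                        ("this host", snapshot_live())):
        hits = vm_artifacts(snap)
        print(f"{label}: {len(hits)} VMware artifact(s)")
        for key, name, data in hits:
            print(f"  HKLM\\{key} [{name}] = {data!r}")
```

Run on the analysis image itself, `snapshot_live()` shows exactly which of these values would give the sandbox away; hardening an image means changing the Identifier, Disk\Enum and DriverDesc strings and removing the VMware Tools key, not just hiding the vmtoolsd process. The strings in the report only prove the checks are present in memory; which branch the sample took after reading them is not visible in these rows.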
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |