Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_0010DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_0010DBBE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000DC2A2 FindFirstFileExW, |
0_2_000DC2A2 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_001168EE FindFirstFileW,FindClose, |
0_2_001168EE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_0011698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_0011698F |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_0010D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0010D076 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_0010D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0010D3A9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00119642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00119642 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_0011979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0011979D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00119B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00119B2B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00115C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00115C97 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_0030DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
9_2_0030DBBE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002DC2A2 FindFirstFileExW, |
9_2_002DC2A2 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_003168EE FindFirstFileW,FindClose, |
9_2_003168EE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_0031698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
9_2_0031698F |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_0030D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
9_2_0030D076 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_0030D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
9_2_0030D3A9 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00319642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
9_2_00319642 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_0031979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
9_2_0031979D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00319B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
9_2_00319B2B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00315C97 FindFirstFileW,FindNextFileW,FindClose, |
9_2_00315C97 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00409253 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
10_2_00409253 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041C291 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
10_2_0041C291 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0040C34D FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
10_2_0040C34D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00409665 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
10_2_00409665 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0044E879 FindFirstFileExA, |
10_2_0044E879 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0040880C __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
10_2_0040880C |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0040783C FindFirstFileW,FindNextFileW, |
10_2_0040783C |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00419AF5 FindFirstFileW,FindNextFileW,FindNextFileW, |
10_2_00419AF5 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0040BB30 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
10_2_0040BB30 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0040BD37 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
10_2_0040BD37 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
10_2_100010F1 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_10006580 FindFirstFileExA, |
10_2_10006580 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002DC2A2 FindFirstFileExW, |
11_2_002DC2A2 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_003168EE FindFirstFileW,FindClose, |
11_2_003168EE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0031698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
11_2_0031698F |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0030D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
11_2_0030D076 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0030D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
11_2_0030D3A9 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00319642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
11_2_00319642 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0031979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
11_2_0031979D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00319B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
11_2_00319B2B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0030DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
11_2_0030DBBE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00315C97 FindFirstFileW,FindNextFileW,FindClose, |
11_2_00315C97 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0040AE51 FindFirstFileW,FindNextFileW, |
11_2_0040AE51 |
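The `Code function:` entries above are raw API-call sequences per function; what matters for triage is which functions combine directory enumeration with destructive file operations, and which sequences recur across processes. The following is an added example, not part of the sandbox report and not code from the analysed sample: a Python parser for this line format that flags enumerate-and-modify functions and groups identical sequences. The sample lines are copied from the report; reading the `N_2_ADDR` prefix as process index, dump stage and function address is an assumption about the report format.

```python
import re
from collections import defaultdict

# Sample "Code function:" entries copied from the sandbox report above: two processes with
# the same code at different load addresses, plus one function from the unpacked payload.
SAMPLE_LINES = [
    "Source: C:\\Users\\user\\Desktop\\LisectAVT_2403002A_101.exe |",
    "Code function: 0_2_0010DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |",
    "Source: C:\\Users\\user\\Desktop\\LisectAVT_2403002A_101.exe |",
    "Code function: 0_2_0010D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |",
    "Source: C:\\Users\\user\\AppData\\Local\\Wausaukee\\unnervously.exe |",
    "Code function: 9_2_0030D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |",
    "Source: C:\\Users\\user\\AppData\\Local\\Wausaukee\\unnervously.exe |",
    "Code function: 10_2_0041C291 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |",
    "Source: C:\\Users\\user\\AppData\\Local\\Wausaukee\\unnervously.exe |",
    "Code function: 10_2_0040783C FindFirstFileW,FindNextFileW, |",
]

# "N_2_ADDR": N is taken to be the sandbox's process index, 2 the dump stage, ADDR the function
# address (assumed meaning of the prefix).
FUNC_RE = re.compile(r"^Code function:\s+(?P<proc>\d+)_(?P<stage>\d+)_(?P<addr>[0-9A-Fa-f]+)\s+(?P<apis>\S+)")

ENUM_APIS = {"FindFirstFileW", "FindFirstFileA", "FindFirstFileExW", "FindFirstFileExA"}
MODIFY_APIS = {"DeleteFileW", "DeleteFileA", "RemoveDirectoryW", "RemoveDirectoryA",
               "MoveFileW", "MoveFileA", "SetFileAttributesW", "SetFileAttributesA"}


def parse_report(lines):
    """Return [(source, proc, addr, [apis])], pairing each 'Code function:' line with the preceding 'Source:' line."""
    records, source = [], None
    for raw in lines:
        line = raw.strip().rstrip("|").strip()
        if line.startswith("Source:"):
            source = line[len("Source:"):].strip()
            continue
        m = FUNC_RE.match(line)
        if m:
            apis = [a for a in m.group("apis").split(",") if a]  # drop the empty item after the trailing comma
            records.append((source, int(m.group("proc")), m.group("addr").upper(), apis))
    return records


def flag_enumerate_and_modify(records):
    """Functions that walk a directory listing and also delete, move or re-attribute what they find."""
    flagged = []
    for source, proc, addr, apis in records:
        present = set(apis)
        if present & ENUM_APIS and present & MODIFY_APIS:
            flagged.append({"source": source, "proc": proc, "addr": addr,
                            "modifies_with": sorted(present & MODIFY_APIS)})
    return flagged


def shared_sequences(records):
    """Group identical API sequences seen in more than one process.
    The same sequence at 0x0010D076 in the dropper and 0x0030D076 in the dropped copy, with every
    other function shifted by the same 0x200000, is consistent with one image loaded at two bases."""
    groups = defaultdict(list)
    for _source, proc, addr, apis in records:
        groups[tuple(apis)].append((proc, addr))
    return {seq: hits for seq, hits in groups.items() if len(hits) > 1}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_LINES)
    for hit in flag_enumerate_and_modify(recs):
        print(f"proc {hit['proc']} {hit['addr']}: enumerates + {hit['modifies_with']}")
    for seq, hits in shared_sequences(recs).items():
        print("shared:", ",".join(seq), "->", hits)
```

Feed it the whole report and the enumerate-and-modify list shrinks the hundreds of `FindFirstFileW` hits down to the handful worth opening in a disassembler (here `0x0010D076`, `0x0030D076` and, in the unpacked payload, `0x0041C291`, which also removes directories).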
Source: unknown |
TCP traffic detected without corresponding DNS query: 107.175.229.139 (this entry is repeated 50 times in the report) |
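The "TCP traffic without corresponding DNS query" finding is a simple correlation: the process connected to a public address that no DNS answer had produced beforehand, which is what a hard-coded C2 address looks like. The following is an added example of that heuristic, not the sandbox's own logic, over constructed events. The event format, timestamps and all ports are invented for the example; 107.175.229.139 is the address from the report, and the resolved hosts use RFC 5737 documentation addresses as stand-ins.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed events (not from the report), one per DNS answer or TCP connect, in time order.
# 107.175.229.139 is the address the report flags; its port, the source ports and the timestamps
# are invented, and the resolved hosts use RFC 5737 documentation addresses.
SAMPLE_EVENTS = """\
2024-03-20T10:00:01Z dns geoplugin.net A 192.0.2.10
2024-03-20T10:00:02Z tcp 10.0.0.5:49712 -> 192.0.2.10:80
2024-03-20T10:00:05Z tcp 10.0.0.5:49713 -> 107.175.229.139:8080
2024-03-20T10:00:09Z tcp 10.0.0.5:49714 -> 107.175.229.139:8080
2024-03-20T10:00:15Z dns login.live.com A 198.51.100.7
2024-03-20T10:00:16Z tcp 10.0.0.5:49715 -> 198.51.100.7:443
2024-03-20T10:00:20Z tcp 10.0.0.5:49716 -> 10.0.0.1:445
2024-03-20T10:00:25Z tcp 10.0.0.5:49717 -> 203.0.113.9:443
2024-03-20T10:00:30Z dns late.example A 203.0.113.9
"""

DNS_RE = re.compile(r"^(?P<ts>\S+) dns (?P<name>\S+) (?:A|AAAA) (?P<ip>\S+)$")
TCP_RE = re.compile(r"^(?P<ts>\S+) tcp \S+ -> (?P<ip>[0-9.]+):(?P<port>\d+)$")  # IPv4 sample only

# Explicit internal ranges rather than ipaddress.is_global: the stdlib also treats the RFC 5737
# documentation ranges used above as non-global, which would hide the sample's resolved hosts.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def unresolved_connections(events, ttl_seconds=300):
    """Flag connects to public addresses that no DNS answer in the preceding ttl_seconds produced.
    Events must be in time order: an answer that arrives after the connect does not explain it."""
    answers = defaultdict(list)  # ip -> [(answer time, name)]
    findings = []
    for line in events.splitlines():
        m = DNS_RE.match(line)
        if m:
            answers[m["ip"]].append((_ts(m["ts"]), m["name"]))
            continue
        m = TCP_RE.match(line)
        if not m or is_internal(m["ip"]):
            continue
        when = _ts(m["ts"])
        explained = any(0 <= (when - t).total_seconds() <= ttl_seconds for t, _ in answers[m["ip"]])
        if not explained:
            findings.append({"ts": m["ts"], "ip": m["ip"], "port": int(m["port"])})
    return findings


def summarize(findings):
    """Collapse repeated hits on one address into count, first-seen time and port set."""
    summary = {}
    for f in findings:
        entry = summary.setdefault(f["ip"], {"count": 0, "first_seen": f["ts"], "ports": set()})
        entry["count"] += 1
        entry["ports"].add(f["port"])
    return summary


if __name__ == "__main__":
    for ip, info in summarize(unresolved_connections(SAMPLE_EVENTS)).items():
        print(ip, info)
```

Two caveats when running this outside a sandbox: answers cached before capture started, DNS over HTTPS, and software that legitimately ships IP literals all produce the same signal, so the finding is a lead to enrich (passive DNS, ASN, repeat count across hosts) rather than a verdict; and the TTL window should follow the answers' real TTLs rather than a fixed value.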
Source: unnervously.exe, 0000000A.00000003.2748718391.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2745450049.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2749423959.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000002.3770114936.00000000010EE000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2746780049.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2745236773.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2748522331.0000000000F79000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/ |
Source: unnervously.exe, 0000000A.00000002.3770114936.000000000108F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp |
Source: unnervously.exe, 0000000A.00000002.3768379154.0000000000F28000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp#0lV |
Source: unnervously.exe, 00000009.00000002.2703381537.0000000003560000.00000004.00001000.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000002.3770517218.00000000032C0000.00000004.00001000.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000002.3766719987.0000000000400000.00000040.00001000.00020000.00000000.sdmp, unnervously.exe, 0000000F.00000002.2849527453.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, unnervously.exe, 0000000F.00000002.2848851973.0000000000400000.00000040.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp/C |
Source: unnervously.exe, 0000000A.00000002.3770114936.00000000010BA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpL |
Source: unnervously.exe, 0000000A.00000003.2745236773.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2745450049.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2749423959.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000002.3768379154.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000A.00000003.2748522331.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpSystem32 |
Source: unnervously.exe, 0000000A.00000002.3771869384.0000000004AB0000.00000040.10000000.00040000.00000000.sdmp, unnervously.exe, 0000000D.00000002.2768944403.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.ebuddy.com |
Source: unnervously.exe, 0000000A.00000002.3771869384.0000000004AB0000.00000040.10000000.00040000.00000000.sdmp, unnervously.exe, 0000000D.00000002.2769382612.000000000153D000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000D.00000002.2768944403.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.com |
Source: unnervously.exe, 0000000D.00000002.2769382612.000000000153D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.coma |
Source: unnervously.exe, 0000000A.00000002.3771869384.0000000004AB0000.00000040.10000000.00040000.00000000.sdmp, unnervously.exe, 0000000D.00000002.2768944403.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Source: unnervously.exe, 0000000A.00000002.3771869384.0000000004AB0000.00000040.10000000.00040000.00000000.sdmp, unnervously.exe, 0000000D.00000002.2768944403.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: unnervously.exe, 0000000B.00000002.2777627610.0000000000BEF000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net |
Source: unnervously.exe, 0000000D.00000002.2768944403.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net/ |
Source: unnervously.exe, 0000000B.00000003.2763169956.0000000002884000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000B.00000003.2762943053.0000000002881000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000B.00000003.2775508960.00000000010BD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: unnervously.exe, 0000000B.00000003.2763169956.0000000002884000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000B.00000003.2762943053.0000000002881000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: unnervously.exe, 0000000B.00000003.2763169956.0000000002884000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000B.00000003.2762943053.0000000002881000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: unnervously.exe, 0000000B.00000003.2775442282.000000000287C000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000B.00000003.2775383892.000000000287C000.00000004.00000020.00020000.00000000.sdmp, unnervously.exe, 0000000B.00000003.2775996310.000000000287C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_i__q |
Source: unnervously.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: unnervously.exe, 0000000A.00000002.3771869384.0000000004AB0000.00000040.10000000.00040000.00000000.sdmp, unnervously.exe, 0000000D.00000002.2768944403.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: unnervously.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00139576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
0_2_00139576 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00339576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
9_2_00339576 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00339576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
11_2_00339576 |
Source: 10.2.unnervously.exe.32c0000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.unnervously.exe.32c0000.2.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.unnervously.exe.32c0000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 10.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 10.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 9.2.unnervously.exe.3560000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 9.2.unnervously.exe.3560000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 9.2.unnervously.exe.3560000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 15.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 15.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 15.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 10.2.unnervously.exe.32c0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 10.2.unnervously.exe.32c0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.unnervously.exe.32c0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 15.2.unnervously.exe.3ae0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 15.2.unnervously.exe.3ae0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 15.2.unnervously.exe.3ae0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 9.2.unnervously.exe.3560000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 9.2.unnervously.exe.3560000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 9.2.unnervously.exe.3560000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 15.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 15.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 15.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 15.2.unnervously.exe.3ae0000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 15.2.unnervously.exe.3ae0000.2.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 15.2.unnervously.exe.3ae0000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0000000F.00000002.2849527453.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0000000F.00000002.2849527453.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000F.00000002.2849527453.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0000000A.00000002.3770517218.00000000032C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0000000A.00000002.3770517218.00000000032C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000002.3770517218.00000000032C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0000000A.00000002.3766719987.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0000000A.00000002.3766719987.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000002.3766719987.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0000000F.00000002.2848851973.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0000000F.00000002.2848851973.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000F.00000002.2848851973.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000009.00000002.2703381537.0000000003560000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000009.00000002.2703381537.0000000003560000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000009.00000002.2703381537.0000000003560000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: Process Memory Space: unnervously.exe PID: 7272, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: unnervously.exe PID: 7432, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: unnervously.exe PID: 4712, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: LisectAVT_2403002A_101.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: LisectAVT_2403002A_101.exe, 00000000.00000003.2659342224.0000000003881000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_9f91cf56-a |
Source: LisectAVT_2403002A_101.exe, 00000000.00000003.2659342224.0000000003881000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_69d6448c-7 |
Source: LisectAVT_2403002A_101.exe, 00000000.00000000.1306003099.0000000000162000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_f44c028a-e |
Source: LisectAVT_2403002A_101.exe, 00000000.00000000.1306003099.0000000000162000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_b0b96847-0 |
Source: unnervously.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: unnervously.exe, 00000009.00000000.2671586663.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_da948699-6 |
Source: unnervously.exe, 00000009.00000000.2671586663.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_963b5010-5 |
Source: unnervously.exe, 0000000A.00000002.3766241558.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_59a8609a-a |
Source: unnervously.exe, 0000000A.00000002.3766241558.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_f8b3c3a4-4 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: This is a third-party compiled AutoIt script. |
11_2_002A2A32 |
Source: unnervously.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: unnervously.exe, 0000000B.00000002.2776632635.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_906caa72-9 |
Source: unnervously.exe, 0000000B.00000002.2776632635.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_baa75ad0-b |
Source: unnervously.exe, 0000000C.00000000.2761199777.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_df6847e8-1 |
Source: unnervously.exe, 0000000C.00000000.2761199777.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_a41e0f83-5 |
Source: unnervously.exe, 0000000D.00000000.2766871036.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_4af46346-f |
Source: unnervously.exe, 0000000D.00000000.2766871036.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_bbea4a01-2 |
Source: unnervously.exe, 0000000F.00000002.2848724306.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_9809d32c-7 |
Source: unnervously.exe, 0000000F.00000002.2848724306.0000000000362000.00000002.00000001.01000000.00000005.sdmp |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_aeeb6e9e-b |
Source: LisectAVT_2403002A_101.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_dab532ca-1 |
Source: LisectAVT_2403002A_101.exe |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_44ff335c-5 |
Source: unnervously.exe.0.dr |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_0c5a28cd-d |
Source: unnervously.exe.0.dr |
String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_cc3ba537-c |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_004180EF GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetModuleHandleA,GetProcAddress,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError, |
10_2_004180EF |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_004132D2 OpenProcess,NtQueryInformationProcess,GetCurrentProcess,DuplicateHandle,GetFinalPathNameByHandleW,CloseHandle,CreateFileMappingW,MapViewOfFile,GetFileSize,UnmapViewOfFile,CloseHandle,CloseHandle,CloseHandle, |
10_2_004132D2 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041D58F NtdllDefWindowProc_A,GetCursorPos,SetForegroundWindow,TrackPopupMenu,IsWindowVisible,ShowWindow,ShowWindow,SetForegroundWindow,Shell_NotifyIcon,ExitProcess,CreatePopupMenu,AppendMenuA, |
10_2_0041D58F |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041BB09 OpenProcess,NtSuspendProcess,CloseHandle, |
10_2_0041BB09 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041BB35 OpenProcess,NtResumeProcess,CloseHandle, |
10_2_0041BB35 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,CloseHandle,_wcsicmp,CloseHandle, |
11_2_0040DD85 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00401806 NtdllDefWindowProc_W, |
11_2_00401806 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_004018C0 NtdllDefWindowProc_W, |
11_2_004018C0 |
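The ordering of the calls in the 10_2_004180EF record above (CreateProcessW, then NtUnmapViewOfSection and NtMapViewOfSection, then WriteProcessMemory, Wow64SetThreadContext and ResumeThread) is the API footprint of process hollowing, here with the replacement image delivered through a section mapped into both processes rather than a VirtualAllocEx/WriteProcessMemory copy. The OpenProcess/NtSuspendProcess and OpenProcess/NtResumeProcess pairs and the NtQuerySystemInformation/OpenProcess/DuplicateHandle walk in 11_2_0040DD85 are likewise more telling as ordered sequences than as bags of imports. The script below is an added example, not part of the sandbox report or of the sample itself: it parses "Source / Code function / address" records in the layout this page uses, keeps only records that carry a call list, and tags those whose calls contain a signature subsequence in order (other calls may sit in between). The signature names and the ordered-subsequence rule are this example's own assumptions; the sample input is built from records on this page. The report does not show CreateProcessW's flags or the target executable, so a process_hollowing tag is a lead to confirm in the disassembly, not proof on its own.

```python
import re

# Constructed sample in the report's own "Source / Code function / address" layout.
# The records are copied from this page; the bare-address record and the stray
# "Code function: This is a ..." record are kept to show that the parser skips them.
SAMPLE_REPORT = r"""
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_004180EF GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtCreateSection,NtUnmapViewOfSection,NtMapViewOfSection,VirtualFree,NtClose,TerminateProcess,GetModuleHandleA,GetProcAddress,GetCurrentProcess,NtMapViewOfSection,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,VirtualFree,GetCurrentProcess,NtUnmapViewOfSection,NtClose,TerminateProcess,GetLastError, |
10_2_004180EF |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041BB09 OpenProcess,NtSuspendProcess,CloseHandle, |
10_2_0041BB09 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,CloseHandle,_wcsicmp,CloseHandle, |
11_2_0040DD85 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: This is a third-party compiled AutoIt script. |
11_2_002A2A32 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00112046 |
0_2_00112046 |
Source: unnervously.exe.0.dr |
String found in binary or memory: This is a third-party compiled AutoIt script. |
"""

# Ordered API subsequences. A record matches when every name appears in this order;
# unrelated calls may sit between them. The labels are this example's own, not the sandbox's.
SIGNATURES = {
    "process_hollowing": ("CreateProcessW", "NtUnmapViewOfSection", "NtMapViewOfSection",
                          "WriteProcessMemory", "Wow64SetThreadContext", "ResumeThread"),
    "process_suspend": ("OpenProcess", "NtSuspendProcess"),
    "process_resume": ("OpenProcess", "NtResumeProcess"),
    "handle_enumeration": ("NtQuerySystemInformation", "OpenProcess", "DuplicateHandle"),
}
AUTOIT_MARKER = "This is a third-party compiled AutoIt script."

# "<pid>_<stage>_<hex address>" followed by an optional comma-separated call list.
FUNC_RE = re.compile(r"^(?P<fid>\d+_\d+_[0-9A-Fa-f]+)\s*(?P<calls>.*)$")


def parse_records(report_text):
    """Yield (source, function_id, [calls]) for each 'Code function:' record and
    (source, 'memstr', [text]) for each 'String found in binary or memory:' record."""
    source = None
    for raw in report_text.splitlines():
        line = raw.rstrip().rstrip("|").strip()          # drop the trailing table separator
        if line.startswith("Source: "):
            source = line[len("Source: "):]
        elif line.startswith("Code function: "):
            m = FUNC_RE.match(line[len("Code function: "):])
            if m:                                         # lines without an id are skipped
                calls = [c for c in m.group("calls").split(",") if c]
                yield source, m.group("fid"), calls
        elif line.startswith("String found in binary or memory: "):
            yield source, "memstr", [line[len("String found in binary or memory: "):]]


def in_order(calls, pattern):
    """True when every name in pattern occurs in calls in that order (gaps allowed)."""
    it = iter(calls)
    return all(any(c == name for c in it) for name in pattern)


def triage(report_text):
    """Return [(source, function_id, [tags])] for records that match a signature;
    AutoIt marker strings are reported with function_id 'memstr'."""
    findings = []
    for source, fid, payload in parse_records(report_text):
        if fid == "memstr":
            if AUTOIT_MARKER in payload[0]:
                findings.append((source, fid, ["compiled_autoit"]))
            continue
        tags = [name for name, pat in SIGNATURES.items() if in_order(payload, pat)]
        if tags:                                          # bare-address records never tag
            findings.append((source, fid, tags))
    return findings


if __name__ == "__main__":
    for source, fid, tags in triage(SAMPLE_REPORT):
        print(f"{fid:14} {', '.join(tags):22} {source}")
```

Running it on the sample tags 10_2_004180EF as process_hollowing, 10_2_0041BB09 as process_suspend, 11_2_0040DD85 as handle_enumeration and the dropped file as compiled_autoit, while the bare-address and malformed records produce nothing. Matching on order rather than on import presence is the point: GetProcAddress and GetModuleHandleA precede the interesting calls in 10_2_004180EF because the Nt* functions are resolved at run time, so an import-table check on the dropped file would miss them.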
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00112046 |
0_2_00112046 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000A8060 |
0_2_000A8060 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00108298 |
0_2_00108298 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000DE4FF |
0_2_000DE4FF |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000D676B |
0_2_000D676B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00134873 |
0_2_00134873 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000CCAA0 |
0_2_000CCAA0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000ACAF0 |
0_2_000ACAF0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000BCC39 |
0_2_000BCC39 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000D6DD9 |
0_2_000D6DD9 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000BB119 |
0_2_000BB119 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000A91C0 |
0_2_000A91C0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C1394 |
0_2_000C1394 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C1706 |
0_2_000C1706 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C781B |
0_2_000C781B |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000A7920 |
0_2_000A7920 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000B997D |
0_2_000B997D |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C19B0 |
0_2_000C19B0 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C7A4A |
0_2_000C7A4A |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C1C77 |
0_2_000C1C77 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C7CA7 |
0_2_000C7CA7 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_0012BE44 |
0_2_0012BE44 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000D9EEE |
0_2_000D9EEE |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_000C1F32 |
0_2_000C1F32 |
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe |
Code function: 0_2_00E437A0 |
0_2_00E437A0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002A8060 |
9_2_002A8060 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00312046 |
9_2_00312046 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00308298 |
9_2_00308298 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002DE4FF |
9_2_002DE4FF |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002D676B |
9_2_002D676B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_00334873 |
9_2_00334873 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002CCAA0 |
9_2_002CCAA0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002ACAF0 |
9_2_002ACAF0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002BCC39 |
9_2_002BCC39 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002D6DD9 |
9_2_002D6DD9 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002BD064 |
9_2_002BD064 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002BB119 |
9_2_002BB119 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002A91C0 |
9_2_002A91C0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C1394 |
9_2_002C1394 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C1706 |
9_2_002C1706 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C781B |
9_2_002C781B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002A7920 |
9_2_002A7920 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002B997D |
9_2_002B997D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C19B0 |
9_2_002C19B0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C7A4A |
9_2_002C7A4A |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C1C77 |
9_2_002C1C77 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C7CA7 |
9_2_002C7CA7 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_0032BE44 |
9_2_0032BE44 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002D9EEE |
9_2_002D9EEE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002C1F32 |
9_2_002C1F32 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_002ABF40 |
9_2_002ABF40 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 9_2_030337A0 |
9_2_030337A0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0043E0CC |
10_2_0043E0CC |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041F0FA |
10_2_0041F0FA |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00454159 |
10_2_00454159 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00438168 |
10_2_00438168 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_004461F0 |
10_2_004461F0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0043E2FB |
10_2_0043E2FB |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0045332B |
10_2_0045332B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0042739D |
10_2_0042739D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_004374E6 |
10_2_004374E6 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0043E558 |
10_2_0043E558 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00438770 |
10_2_00438770 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_004378FE |
10_2_004378FE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00433946 |
10_2_00433946 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0044D9C9 |
10_2_0044D9C9 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00427A46 |
10_2_00427A46 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0041DB62 |
10_2_0041DB62 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00427BAF |
10_2_00427BAF |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00437D33 |
10_2_00437D33 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00435E5E |
10_2_00435E5E |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00426E0E |
10_2_00426E0E |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_0043DE9D |
10_2_0043DE9D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00413FCA |
10_2_00413FCA |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00436FEA |
10_2_00436FEA |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_10017194 |
10_2_10017194 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_1000B5C1 |
10_2_1000B5C1 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 10_2_00EF37A0 |
10_2_00EF37A0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002A8060 |
11_2_002A8060 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00312046 |
11_2_00312046 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00308298 |
11_2_00308298 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002DE4FF |
11_2_002DE4FF |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002D676B |
11_2_002D676B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00334873 |
11_2_00334873 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002CCAA0 |
11_2_002CCAA0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002ACAF0 |
11_2_002ACAF0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002BCC39 |
11_2_002BCC39 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002D6DD9 |
11_2_002D6DD9 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002BAFAC |
11_2_002BAFAC |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002BD064 |
11_2_002BD064 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002A91C0 |
11_2_002A91C0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C1394 |
11_2_002C1394 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C1706 |
11_2_002C1706 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C781B |
11_2_002C781B |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002A7920 |
11_2_002A7920 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002B997D |
11_2_002B997D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C19B0 |
11_2_002C19B0 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C7A4A |
11_2_002C7A4A |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C1C77 |
11_2_002C1C77 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C7CA7 |
11_2_002C7CA7 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0032BE44 |
11_2_0032BE44 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002D9EEE |
11_2_002D9EEE |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002C1F32 |
11_2_002C1F32 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_002ABF40 |
11_2_002ABF40 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0043610D |
11_2_0043610D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0044A490 |
11_2_0044A490 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0043C560 |
11_2_0043C560 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_0044081D |
11_2_0044081D |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code function: 11_2_00414957 |
11_2_00414957 |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Code functions: 11_2_0044AA80, 11_2_00412AA9, 11_2_00404B74, 11_2_00404B03, 11_2_00404BE5, 11_2_00404C76, 11_2_00416D72, 11_2_00446D30, 11_2_00446D8B, 11_2_00406E8F, 11_2_0044B040, 11_2_00447310, 11_2_0040755A, 11_2_0044B610, 11_2_0044D6C0, 11_2_004476F0, 11_2_0044B870, 11_2_004079EE, 11_2_00407AEB, 11_2_0044BBD8, 11_2_00415CFE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | String functions: 000A9CB3 appears 31 times; 000BF9F2 appears 40 times; 000C4963 appears 31 times; 000C0A30 appears 46 times
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | String functions: 00434E10 appears 54 times; 00402093 appears 50 times; 00434770 appears 41 times; 002E1F50 appears 53 times; 004169A7 appears 87 times; 0044DB70 appears 41 times; 004165FF appears 35 times; 002A988F appears 33 times; 002A600E appears 34 times; 002C0A30 appears 92 times; 002C4963 appears 64 times; 002D2FA6 appears 48 times; 002BF9F2 appears 81 times; 00401E65 appears 34 times; 002C4A28 appears 42 times; 002C8E0B appears 36 times; 002A9CB3 appears 62 times; 00416760 appears 69 times

The four string functions found in LisectAVT_2403002A_101.exe recur in unnervously.exe at the same offsets plus 0x200000 (000A9CB3/002A9CB3, 000BF9F2/002BF9F2, 000C4963/002C4963, 000C0A30/002C0A30), which is consistent with the dropped file carrying the same loader code mapped at a different image base. The remaining unnervously.exe string functions in the 0040xxxx to 0044xxxx range fall inside the image at 0x400000 that the YARA matches below flag as Remcos.
Matched YARA rules (rule metadata listed once; the sources below are grouped by the rules they matched):
Windows_Trojan_Remcos_b296e965: reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
REMCOS_RAT_variants: Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM: author = ditekSHen, description = Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Sources matching all three rules (Windows_Trojan_Remcos_b296e965, REMCOS_RAT_variants, INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM):
Source: 10.2.unnervously.exe.32c0000.2.unpack, type: UNPACKEDPE
Source: 10.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE
Source: 10.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: 9.2.unnervously.exe.3560000.1.raw.unpack, type: UNPACKEDPE
Source: 15.2.unnervously.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: 10.2.unnervously.exe.32c0000.2.raw.unpack, type: UNPACKEDPE
Source: 15.2.unnervously.exe.3ae0000.2.raw.unpack, type: UNPACKEDPE
Source: 9.2.unnervously.exe.3560000.1.unpack, type: UNPACKEDPE
Source: 15.2.unnervously.exe.400000.1.unpack, type: UNPACKEDPE
Source: 15.2.unnervously.exe.3ae0000.2.unpack, type: UNPACKEDPE
Source: 0000000F.00000002.2849527453.0000000003AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000A.00000002.3770517218.00000000032C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000A.00000002.3766719987.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000F.00000002.2848851973.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000009.00000002.2703381537.0000000003560000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Sources matching Windows_Trojan_Remcos_b296e965 only:
Source: Process Memory Space: unnervously.exe PID: 7272, type: MEMORYSTR
Source: Process Memory Space: unnervously.exe PID: 7432, type: MEMORYSTR
Source: Process Memory Space: unnervously.exe PID: 4712, type: MEMORYSTR
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Sections loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Sections loaded (in the order recorded, split where the list starts over):
wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll
wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, sspicli.dll, mswsock.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll
version.dll, wininet.dll, windows.storage.dll, wldp.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, pstorec.dll, vaultcli.dll, wintypes.dll, dpapi.dll, msasn1.dll, windows.storage.dll, wldp.dll, pstorec.dll, sspicli.dll, msasn1.dll, msasn1.dll, windows.storage.dll, wldp.dll, msasn1.dll

Beyond the modules the original dropper loaded, unnervously.exe pulls in the HTTP and DNS client stack (urlmon.dll, winhttp.dll, dnsapi.dll, mswsock.dll, fwpuclnt.dll) and the client libraries for Protected Storage (pstorec.dll), the Credential Manager vault (vaultcli.dll) and DPAPI (dpapi.dll), the module set a process loads when it reads stored Windows credentials and DPAPI-protected secrets.
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_000BF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_00131C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_002BF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_00331C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_002BF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_00331C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_0010DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_000DC2A2 FindFirstFileExW,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_001168EE FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_0011698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_0010D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_0010D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_00119642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_0011979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_00119B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_00115C97 FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_0030DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_002DC2A2 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_003168EE FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_0031698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_0030D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_0030D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_00319642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_0031979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_00319B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_00315C97 FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_00409253 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0041C291 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0040C34D FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_00409665 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0044E879 FindFirstFileExA,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0040880C __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0040783C FindFirstFileW,FindNextFileW,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_00419AF5 FindFirstFileW,FindNextFileW,FindNextFileW,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0040BB30 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0040BD37 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_100010F1 lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_10006580 FindFirstFileExA,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_002DC2A2 FindFirstFileExW,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_003168EE FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_0031698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_0030D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_0030D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_00319642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_0031979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_00319B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_0030DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_00315C97 FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_0040AE51 FindFirstFileW,FindNextFileW,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_000D2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_000C083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_000C09D5 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\LisectAVT_2403002A_101.exe | Code function: 0_2_000C0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_002D2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_002C083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_002C09D5 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 9_2_002C0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_004349F9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_00434B47 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_0043BB22 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_00434FDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_100060E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_10002639 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 10_2_10002B1C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_002D2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_002C083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_002C09D5 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Wausaukee\unnervously.exe | Code function: 11_2_002C0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,