Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103445A GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_0103445A |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 0_2_0103C75C |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103C6D1 FindFirstFileW,FindClose, | 0_2_0103C6D1 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_0103EF95 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_0103F0F2 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_0103F3F3 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_010337EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_010337EF |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01033B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_01033B12 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_0103BCBC |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065445A GetFileAttributesW,FindFirstFileW,FindClose, | 2_2_0065445A |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065C6D1 FindFirstFileW,FindClose, | 2_2_0065C6D1 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 2_2_0065C75C |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 2_2_0065EF95 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 2_2_0065F0F2 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 2_2_0065F3F3 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006537EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 2_2_006537EF |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00653B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 2_2_00653B12 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 2_2_0065BCBC |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3296052584.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002DE9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002A69000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: RegSvcs.exe, 00000003.00000002.3297525367.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3295937256.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002E88000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002B08000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002DE9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000003.00000002.3297525367.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3295937256.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot-/sendDocument?chat_id= |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000003.00000002.3297525367.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3296052584.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3295937256.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000003.00000002.3296052584.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3296227369.0000000002AEC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189l |
Source: 5.2.nonplacental.exe.3c60000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2970000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2970000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.3dae190.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.3dae190.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2970000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2970000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.53a0000.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.53a0000.6.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.3d86458.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.3d86458.3.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.3d85570.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.3d85570.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.53a0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.53a0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.2b2097e.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.2b2097e.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.nonplacental.exe.3b30000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 3.2.RegSvcs.exe.3dae190.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.3dae190.5.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.3d86458.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.3d86458.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.2b21866.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.2b21866.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.2b2097e.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.2b2097e.1.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2970ee8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2970ee8.1.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2970ee8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2970ee8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.2b21866.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.2b21866.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.3d85570.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.3d85570.4.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000005.00000002.2197923866.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000003.00000002.3297525367.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000002.00000002.2081325248.0000000003B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000003.00000002.3295937256.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: Process Memory Space: RegSvcs.exe PID: 6660, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegSvcs.exe PID: 3128, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FFD975 | 0_2_00FFD975 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF21C5 | 0_2_00FF21C5 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_010503DA | 0_2_010503DA |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_010062D2 | 0_2_010062D2 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF25FA | 0_2_00FF25FA |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0100242E | 0_2_0100242E |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE66E1 | 0_2_00FE66E1 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FDE6A0 | 0_2_00FDE6A0 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0100878F | 0_2_0100878F |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0102E616 | 0_2_0102E616 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE8808 | 0_2_00FE8808 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01006844 | 0_2_01006844 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01050857 | 0_2_01050857 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01038889 | 0_2_01038889 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FFCB21 | 0_2_00FFCB21 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01006DB6 | 0_2_01006DB6 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE6F9E | 0_2_00FE6F9E |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE3030 | 0_2_00FE3030 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FFF1D9 | 0_2_00FFF1D9 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF3187 | 0_2_00FF3187 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FD1287 | 0_2_00FD1287 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF1484 | 0_2_00FF1484 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE5520 | 0_2_00FE5520 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF7696 | 0_2_00FF7696 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE5760 | 0_2_00FE5760 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF1978 | 0_2_00FF1978 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01009AB5 | 0_2_01009AB5 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FDFCE0 | 0_2_00FDFCE0 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01057DDB | 0_2_01057DDB |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FFBDA6 | 0_2_00FFBDA6 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FF1D90 | 0_2_00FF1D90 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FE3FE0 | 0_2_00FE3FE0 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_00FDDF00 | 0_2_00FDDF00 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_015847D8 | 0_2_015847D8 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_005FE6A0 | 2_2_005FE6A0 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0061D975 | 2_2_0061D975 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_005FFCE0 | 2_2_005FFCE0 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006121C5 | 2_2_006121C5 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006262D2 | 2_2_006262D2 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006703DA | 2_2_006703DA |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0062242E | 2_2_0062242E |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006125FA | 2_2_006125FA |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0064E616 | 2_2_0064E616 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006066E1 | 2_2_006066E1 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0062878F | 2_2_0062878F |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00626844 | 2_2_00626844 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00670857 | 2_2_00670857 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00608808 | 2_2_00608808 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00658889 | 2_2_00658889 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0061CB21 | 2_2_0061CB21 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00626DB6 | 2_2_00626DB6 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00606F9E | 2_2_00606F9E |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00603030 | 2_2_00603030 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0061F1D9 | 2_2_0061F1D9 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00613187 | 2_2_00613187 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_005F1287 | 2_2_005F1287 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00611484 | 2_2_00611484 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00605520 | 2_2_00605520 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00617696 | 2_2_00617696 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00605760 | 2_2_00605760 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00611978 | 2_2_00611978 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00629AB5 | 2_2_00629AB5 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00677DDB | 2_2_00677DDB |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0061BDA6 | 2_2_0061BDA6 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00611D90 | 2_2_00611D90 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_005FDF00 | 2_2_005FDF00 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00603FE0 | 2_2_00603FE0 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_017942E0 | 2_2_017942E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00408C60 | 3_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_0040DC11 | 3_2_0040DC11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00407C3F | 3_2_00407C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00418CCC | 3_2_00418CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00406CA0 | 3_2_00406CA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_004028B0 | 3_2_004028B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_0041A4BE | 3_2_0041A4BE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00418244 | 3_2_00418244 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00402F20 | 3_2_00402F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_004193C4 | 3_2_004193C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00418788 | 3_2_00418788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00402F89 | 3_2_00402F89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00402B90 | 3_2_00402B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_004073A0 | 3_2_004073A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00F81448 | 3_2_00F81448 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00F81439 | 3_2_00F81439 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00F811A8 | 3_2_00F811A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00F81199 | 3_2_00F81199 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 5_2_01948338 | 5_2_01948338 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00401650 | 6_2_00401650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02501443 | 6_2_02501443 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02501448 | 6_2_02501448 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_025011A7 | 6_2_025011A7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_025011A8 | 6_2_025011A8 |
Source: 5.2.nonplacental.exe.3c60000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.2970000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2970000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.3dae190.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.3dae190.5.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2970000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2970000.2.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.53a0000.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.53a0000.6.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.3d86458.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.3d86458.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.3d85570.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.3d85570.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.53a0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.53a0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.2b2097e.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.2b2097e.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.nonplacental.exe.3b30000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 3.2.RegSvcs.exe.3dae190.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.3dae190.5.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.3d86458.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.3d86458.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.2b21866.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.2b21866.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.2b2097e.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.2b2097e.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2970ee8.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2970ee8.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2970ee8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2970ee8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.2b21866.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.2b21866.2.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.3d85570.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.3d85570.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000005.00000002.2197923866.0000000003C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000003.00000002.3297525367.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000003.00000002.3298333959.00000000053A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000002.00000002.2081325248.0000000003B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000003.00000002.3295937256.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000006.00000002.3296129712.0000000002970000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: Process Memory Space: RegSvcs.exe PID: 6660, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegSvcs.exe PID: 3128, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: vbscript.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103445A GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_0103445A |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 0_2_0103C75C |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103C6D1 FindFirstFileW,FindClose, | 0_2_0103C6D1 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_0103EF95 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_0103F0F2 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_0103F3F3 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_010337EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_010337EF |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_01033B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_01033B12 |
Source: C:\Users\user\Desktop\ref_97024130865.exe | Code function: 0_2_0103BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_0103BCBC |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065445A GetFileAttributesW,FindFirstFileW,FindClose, | 2_2_0065445A |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065C6D1 FindFirstFileW,FindClose, | 2_2_0065C6D1 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 2_2_0065C75C |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 2_2_0065EF95 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 2_2_0065F0F2 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 2_2_0065F3F3 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_006537EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 2_2_006537EF |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_00653B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 2_2_00653B12 |
Source: C:\Users\user\AppData\Local\juvenile\nonplacental.exe | Code function: 2_2_0065BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 2_2_0065BCBC |