Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 52.109.8.45
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 52.109.76.141
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 52.109.76.141
Source: unknown | TCP traffic detected without corresponding DNS query: 52.109.8.45
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: C:\Program Files\7-Zip\7zG.exe | Process Stats: CPU usage > 98%
Source: C:\Windows\System32\OpenWith.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine | Classification label: clean1.winRAR@2/3@0/25
Source: unknown | Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown | Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\alfredo\Desktop\" -an -ai#7zMap27855:86:7zEvent12360
Source: C:\Windows\System32\OpenWith.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\OpenWith.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Windows\System32\OpenWith.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6576:120:WilError_02
Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\Feedback
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: pdf_novichki.rar | Static file information: File size 6238622 > 1048576
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe TID: 6580 | Thread sleep count: 83 > 30
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation