Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen |
Source: 0000000C.00000002.2506154802.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 0000000C.00000002.2506154802.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 0000000C.00000002.2506154802.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000004.00000002.2243309082.0000000003565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000004.00000002.2243309082.0000000003565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000004.00000002.2243309082.0000000003565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: 00000005.00000002.4598988067.0000000004082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown |
Source: 00000005.00000002.4598988067.0000000004082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter |
Source: 00000005.00000002.4598988067.0000000004082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05092C98 |
3_2_05092C98 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05090860 |
3_2_05090860 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05091880 |
3_2_05091880 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_050973F0 |
3_2_050973F0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_050942E3 |
3_2_050942E3 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05094577 |
3_2_05094577 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_050946D3 |
3_2_050946D3 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05090956 |
3_2_05090956 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05090968 |
3_2_05090968 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05094048 |
3_2_05094048 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05094042 |
3_2_05094042 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0509187A |
3_2_0509187A |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05092B6D |
3_2_05092B6D |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05094372 |
3_2_05094372 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05092BB9 |
3_2_05092BB9 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_051A7A68 |
3_2_051A7A68 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_051A44F4 |
3_2_051A44F4 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_051A5C90 |
3_2_051A5C90 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_051A7E91 |
3_2_051A7E91 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05C58870 |
3_2_05C58870 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05C55800 |
3_2_05C55800 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_05C5E2E0 |
3_2_05C5E2E0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7ACEA8 |
3_2_0B7ACEA8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7AF5F8 |
3_2_0B7AF5F8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7A07F0 |
3_2_0B7A07F0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7A07E0 |
3_2_0B7A07E0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7B0040 |
3_2_0B7B0040 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7B0030 |
3_2_0B7B0030 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7B5F78 |
3_2_0B7B5F78 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7B5F70 |
3_2_0B7B5F70 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7B3F10 |
3_2_0B7B3F10 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0B7B3F00 |
3_2_0B7B3F00 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D25F6B0 |
3_2_0D25F6B0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D256C70 |
3_2_0D256C70 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D256CC0 |
3_2_0D256CC0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D259581 |
3_2_0D259581 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D25F6A8 |
3_2_0D25F6A8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D2542CF |
3_2_0D2542CF |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D2991B8 |
3_2_0D2991B8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D29D1BC |
3_2_0D29D1BC |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D299B3C |
3_2_0D299B3C |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D29D3D4 |
3_2_0D29D3D4 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D2981A8 |
3_2_0D2981A8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D29F1F0 |
3_2_0D29F1F0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D293B20 |
3_2_0D293B20 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D420040 |
3_2_0D420040 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D428D41 |
3_2_0D428D41 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D428D50 |
3_2_0D428D50 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D42AEB8 |
3_2_0D42AEB8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0D42B3A0 |
3_2_0D42B3A0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0E972748 |
3_2_0E972748 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0E970040 |
3_2_0E970040 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0E97CDA8 |
3_2_0E97CDA8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0E97E8D0 |
3_2_0E97E8D0 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0E97CD99 |
3_2_0E97CD99 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0E971141 |
3_2_0E971141 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0ED83A7C |
3_2_0ED83A7C |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0ED8EF28 |
3_2_0ED8EF28 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0EDC9FC4 |
3_2_0EDC9FC4 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0EDC0FB8 |
3_2_0EDC0FB8 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0EDC5788 |
3_2_0EDC5788 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0EDC44B4 |
3_2_0EDC44B4 |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Code function: 3_2_0EDC3360 |
3_2_0EDC3360 |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Code function: 4_2_00007FF848F61A4D |
4_2_00007FF848F61A4D |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Code function: 5_2_00007FF848F71A4D |
5_2_00007FF848F71A4D |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 12.2.system.exe.40dcdf0.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.system.exe.40822e0.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 4.2.Tempdll.exe.371cde0.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 4.2.Tempdll.exe.1bc40000.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 4.2.Tempdll.exe.1bc40000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 12.2.system.exe.40dcdf0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 4.2.Tempdll.exe.371cde0.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 5.2.system.exe.40822e0.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000004.00000002.2282788158.000000001BC40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi |
Source: 0000000C.00000002.2506154802.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 0000000C.00000002.2506154802.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 0000000C.00000002.2506154802.0000000003FC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000004.00000002.2243309082.0000000003565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000004.00000002.2243309082.0000000003565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000004.00000002.2243309082.0000000003565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: 00000005.00000002.4598988067.0000000004082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04 |
Source: 00000005.00000002.4598988067.0000000004082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net |
Source: 00000005.00000002.4598988067.0000000004082000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: riched20.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: usp10.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: msls31.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: ifmon.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: mprapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: rasmontr.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: mfc42u.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: authfwcfg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: fwpolicyiomgr.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: firewallapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: fwbase.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: dhcpcmonitor.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: dot3cfg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: dot3api.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: onex.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: eappcfg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: eappprxy.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: fwcfg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: hnetmon.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: netshell.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: netsetupapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: netiohlp.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: nettrace.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: nshhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: httpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: nshipsec.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: activeds.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: polstore.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: winipsec.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: adsldpc.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: nshwfp.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: p2pnetsh.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: p2p.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: rpcnsh.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wcnnetsh.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wlanapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: whhelper.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wlancfg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wshelper.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wwancfg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wwapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wcmapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: rmclient.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: mobilenetworking.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: peerdistsh.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: ktmw32.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: mprmsg.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: mscoree.dll |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\imX19sLDxY.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\TempWaircut.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Tempdll.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\system.exe |
Process information set: NOOPENFILEERRORBOX |
|