Windows Analysis Report
mluxGOTw1e.exe

Overview

General Information

Sample name: mluxGOTw1e.exe
renamed because original name is a hash value
Original sample name: 26e5c31684960235c5ca7963770edc5488533b3fd58de9ffc46f3d297228ec3b.exe
Analysis ID: 1542727
MD5: e516d0f273821697860cb7e606aa531e
SHA1: 28eda2de9a7acaad4fe4abc5ee927948e94d07de
SHA256: 26e5c31684960235c5ca7963770edc5488533b3fd58de9ffc46f3d297228ec3b
Tags: CloudflareTunnels, RAT, exe, user-JAMESWT_MHT

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Early bird code injection technique detected
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected XWorm
Yara detected generic Shellcode Injector
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Found direct / indirect Syscall (likely to bypass EDR)
Hijacks the control flow in another process
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Sample uses string decryption to hide its real strings
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Yara signature match

AV Detection

Source: mluxGOTw1e.exe Avira: detected
Source: 00000003.00000002.1912343597.000002DE317A1000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Xworm {"C2 url": ["https://pastebin.com/raw/zcGavZvr"], "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.1"}
Source: mluxGOTw1e.exe ReversingLabs: Detection: 63%
Source: mluxGOTw1e.exe Virustotal: Detection: 68%
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: mluxGOTw1e.exe Joe Sandbox ML: detected
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack String decryptor: https://pastebin.com/raw/zcGavZvr
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack String decryptor: <123456789>
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack String decryptor: <Xwormmm>
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack String decryptor: XWorm V5.1
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack String decryptor: USB.exe
Source: mluxGOTw1e.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Source: Malware configuration extractor URLs: https://pastebin.com/raw/zcGavZvr
Source: Yara match File source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE
Source: notepad.exe, 00000003.00000002.1912343597.000002DE317A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/zcGavZvr

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, XLogger.cs .Net Code: KeyboardLayout
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, XLogger.cs .Net Code: KeyboardLayout

System Summary

Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 3.2.notepad.exe.2de31470000.0.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 3.2.notepad.exe.2de317ace78.1.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects unknown malware sample with pastebin RAW URL Author: Florian Roth
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000003.00000002.1912189653.000002DE31470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000003.00000002.1912343597.000002DE317A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000003.00000002.1911703858.000002DE2F9C0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000003.00000002.1911703858.000002DE2F9C0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F8490 NtProtectVirtualMemory, 0_2_00007FF7494F8490
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F3A90 NtAllocateVirtualMemory, 0_2_00007FF7494F3A90
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F3B90 NtQuerySystemInformation, 0_2_00007FF7494F3B90
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F8580 NtResumeThread, 0_2_00007FF7494F8580
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F3340 NtWriteVirtualMemory, 0_2_00007FF7494F3340
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F8600 NtClose, 0_2_00007FF7494F8600
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF7494F34A0 NtDelayExecution, 0_2_00007FF7494F34A0
Source: mluxGOTw1e.exe, 00000000.00000002.1874364407.00007FF749533000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamemmc.exej% vs mluxGOTw1e.exe
Source: mluxGOTw1e.exe Binary or memory string: OriginalFilenamemmc.exej% vs mluxGOTw1e.exe
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 3.2.notepad.exe.2de31470000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 3.2.notepad.exe.2de317ace78.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE Matched rule: Unknown_Malware_Sample_Jul17_2 date = 2017-08-01, hash1 = 3530d480db082af1823a7eb236203aca24dc3685f08c301466909f0794508a52, author = Florian Roth, description = Detects unknown malware sample with pastebin RAW URL, reference = https://goo.gl/iqH8CK, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000003.00000002.1912189653.000002DE31470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000003.00000002.1912343597.000002DE317A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000003.00000002.1911703858.000002DE2F9C0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000003.00000002.1911703858.000002DE2F9C0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: mluxGOTw1e.exe Static PE information: Section: .data ZLIB complexity 0.9976306352459017
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, AlgorithmAES.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Helper.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, AlgorithmAES.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Settings.cs Base64 encoded string: 'xwoqsSmrUzNo5gXIWHk79SqXppaxaV51Jr6tg9sSxhqHJR0pvzkVEFZjcWn2KGIH'
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Settings.cs Base64 encoded string: 'xwoqsSmrUzNo5gXIWHk79SqXppaxaV51Jr6tg9sSxhqHJR0pvzkVEFZjcWn2KGIH'
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, ClientSocket.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, ClientSocket.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, ClientSocket.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, ClientSocket.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/2@0/0
Source: C:\Windows\System32\notepad.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\notepad.exe.log
Source: C:\Windows\System32\notepad.exe Mutant created: \Sessions\1\BaseNamedObjects\re6wnw6XNd8YRfiR
Source: C:\Windows\System32\notepad.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2724:120:WilError_03
Source: mluxGOTw1e.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\mluxGOTw1e.exe "C:\Users\user\Desktop\mluxGOTw1e.exe"
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Process created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exe
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wininet.dll
Source: C:\Windows\System32\notepad.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\notepad.exe Section loaded: amsi.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\notepad.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\notepad.exe Section loaded: winsta.dll
Source: C:\Windows\System32\notepad.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\notepad.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\notepad.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\notepad.exe Section loaded: userenv.dll
Source: C:\Windows\System32\notepad.exe Section loaded: profapi.dll
Source: C:\Windows\System32\notepad.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\notepad.exe Section loaded: version.dll
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: mluxGOTw1e.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: mluxGOTw1e.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: mluxGOTw1e.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: mluxGOTw1e.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: mluxGOTw1e.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: mluxGOTw1e.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Messages.cs .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Messages.cs .Net Code: Plugin System.AppDomain.Load(byte[])
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Messages.cs .Net Code: Memory System.AppDomain.Load(byte[])
Source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, Messages.cs .Net Code: Memory
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Messages.cs .Net Code: Plugin System.AppDomain.Load(byte[])
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Messages.cs .Net Code: Memory System.AppDomain.Load(byte[])
Source: 3.2.notepad.exe.2de31470000.0.raw.unpack, Messages.cs .Net Code: Memory
Source: mluxGOTw1e.exe Static PE information: section name: .00cfg
Source: mluxGOTw1e.exe Static PE information: section name: .retplne
Source: mluxGOTw1e.exe Static PE information: section name: _sysc
Source: C:\Windows\System32\notepad.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: mluxGOTw1e.exe, type: SAMPLE
Source: Yara match File source: 0.2.mluxGOTw1e.exe.7ff7494f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.mluxGOTw1e.exe.7ff7494f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1874303894.00007FF74951D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.1259736705.00007FF74951D000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: mluxGOTw1e.exe PID: 2140, type: MEMORYSTR
Source: Yara match File source: \Device\ConDrv, type: DROPPED
Source: C:\Windows\System32\notepad.exe Memory allocated: 2DE31450000 memory reserve | memory write watch
Source: C:\Windows\System32\notepad.exe Memory allocated: 2DE497A0000 memory reserve | memory write watch
Source: C:\Windows\System32\notepad.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\notepad.exe TID: 1988 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\notepad.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Code function: 0_2_00007FF74951CEF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF74951CEF8
Source: C:\Windows\System32\notepad.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\mluxGOTw1e.exe Process created / APC Queued / Resumed: C:\Windows\System32\notepad.exe
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory allocated: C:\Windows\System32\notepad.exe base: 2DE2F9C0000 protect: page read and write
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtQuerySystemInformation: Direct from: 0x7FF7494F3C15
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtAllocateVirtualMemory: Direct from: 0x7FF7494F3B59
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtDelayExecution: Direct from: 0x7FF7494F34E5
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtWriteVirtualMemory: Direct from: 0x7FF7494F33F2
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtProtectVirtualMemory: Direct from: 0x7FF7494F853F
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtClose: Direct from: 0x7FF7494F8636
Source: C:\Users\user\Desktop\mluxGOTw1e.exe NtResumeThread: Direct from: 0x7FF7494F85CA
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: PID: 6544 base: 2DE2F9C0052 value: E9
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: PID: 6544 base: 2DE2F9C0189 value: E9
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Thread APC queued: target process: C:\Windows\System32\notepad.exe
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0000
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0050 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0051 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0052 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0053 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0054 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0055 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0056 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0057 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0058 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0059 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C005A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C005B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C005C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C005D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C005E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C005F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0060 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0061 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0062 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0063 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0064 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0065 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0066 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0067 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0068 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0069 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C006A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C006B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C006C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C006D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C006E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C006F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0070 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0071 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0072 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0073 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0074 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0075 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0076 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0077 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0078 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0079 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C007A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C007B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C007C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C007D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C007E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C007F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0080 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0081 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0082 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0083 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0084 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0085 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0086 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0087 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0088 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0089 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C008A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C008B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C008C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C008D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C008E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C008F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0090 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0091 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0092 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0093 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0094 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0095 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0096 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0097 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0098 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0099 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C009A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C009B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C009C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C009D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C009E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C009F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A0 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A1 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A2 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A3 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A4 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A5 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A6 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A7 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A8 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00A9 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00AA Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00AB Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00AC Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00AD Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00AE Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00AF Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B0 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B1 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B2 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B3 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B4 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B5 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B6 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B7 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B8 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00B9 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00BA Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00BB Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00BC Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00BD Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00BE Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00BF Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C0 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C1 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C2 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C3 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C4 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C5 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C6 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C7 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C8 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00C9 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00CA Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00CB Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00CC Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00CD Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00CE Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00CF Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D0 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D1 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D2 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D3 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D4 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D5 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D6 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D7 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D8 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00D9 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00DA Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00DB Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00DC Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00DD Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00DE Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00DF Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E0 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E1 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E2 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E3 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E4 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E5 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E6 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E7 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E8 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00E9 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00EA Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00EB Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00EC Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00ED Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00EE Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00EF Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F0 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F1 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F2 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F3 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F4 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F5 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F6 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F7 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F8 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00F9 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00FA Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00FB Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00FC Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00FD Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00FE Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C00FF Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0100 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0101 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0102 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0103 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0104 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0105 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0106 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0107 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0108 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0109 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C010A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C010B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C010C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C010D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C010E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C010F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0110 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0111 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0112 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0113 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0114 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0115 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0116 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0117 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0118 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0119 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C011A Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C011B Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C011C Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C011D Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C011E Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C011F Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0120 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0121 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0122 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0123 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0124 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0125 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0126 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0127 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0128 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Memory written: C:\Windows\System32\notepad.exe base: 2DE2F9C0129 Jump to behavior
Source: C:\Users\user\Desktop\mluxGOTw1e.exe Process created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exe
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 3.2.notepad.exe.2de31470000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.notepad.exe.2de31470000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.notepad.exe.2de317ace78.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.1912189653.000002DE31470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1912343597.000002DE317A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: notepad.exe PID: 6544, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 3.2.notepad.exe.2de31470000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.notepad.exe.2de31470000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.notepad.exe.2de317ace78.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.notepad.exe.2de317ace78.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.1912189653.000002DE31470000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1912343597.000002DE317A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: notepad.exe PID: 6544, type: MEMORYSTR
No contacted IP infos