| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C55908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, |
0_2_02C55908 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29138847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
8_2_29138847 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29137877 FindFirstFileW,FindNextFileW, |
8_2_29137877 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2917E8F9 FindFirstFileExA, |
8_2_2917E8F9 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
8_2_2913BB6B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29149B86 FindFirstFileW,FindNextFileW,FindNextFileW, |
8_2_29149B86 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
8_2_2913BD72 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2914C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
8_2_2914C322 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
8_2_2913C388 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
8_2_2913928E |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291396A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
8_2_291396A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_0040928E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0041C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
15_2_0041C322 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
15_2_0040C388 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004096A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_004096A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00408847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
15_2_00408847 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00407877 FindFirstFileW,FindNextFileW, |
15_2_00407877 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0044E8F9 FindFirstFileExA, |
15_2_0044E8F9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
15_2_0040BB6B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00419B86 FindFirstFileW,FindNextFileW,FindNextFileW, |
15_2_00419B86 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
15_2_0040BD72 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0781F616 FindFirstFileExA, |
15_2_0781F616 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077D9564 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
15_2_077D9564 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077D8594 FindFirstFileW,FindNextFileW, |
15_2_077D8594 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DA3BD __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_077DA3BD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077ED03F FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
15_2_077ED03F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DD0A5 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
15_2_077DD0A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077D9FAB __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_077D9FAB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DCA8F FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
15_2_077DCA8F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077EA8A3 FindFirstFileW, |
15_2_077EA8A3 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DC888 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
15_2_077DC888 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
| Source: SndVol.exe, colorcpl.exe |
String found in binary or memory: http://geoplugin.net/json.gp |
| Source: SndVol.exe, 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, SndVol.exe, 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp/C |
| Source: jlPBMMQbXC.exe, Selebzih.PIF.7.dr |
String found in binary or memory: http://hydros.8k.com |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0X |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0C |
| Source: jlPBMMQbXC.exe, jlPBMMQbXC.exe, 00000000.00000002.1578952321.0000000002C7E000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1638986421.000000007FB20000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.pmail.com |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1491122017.00000000007FF000.00000004.00000020.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1575706420.00000000007CB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://alfanar01-my.sharepoint.com/ |
| Source: jlPBMMQbXC.exe, 00000000.00000002.1586422166.000000000D9F7000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1586422166.000000000DA69000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://alfanar01-my.sharepoint.com/:u:/g/personal/huzaifa_alfanargas_com/EbcBi98Fae9PrYH7LpmiSQMBlK |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1491122017.00000000007E7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://alfanar01-my.sharepoint.com/personal/huzaifa_alfanargas_com/Documents/233_Selebzihtih?ga=1Z |
| Source: jlPBMMQbXC.exe, 00000000.00000002.1575706420.00000000007EC000.00000004.00000020.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1491122017.00000000007E7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://alfanar01-my.sharepoint.com:443/:u:/g/personal/huzaifa_alfanargas_com/EbcBi98Fae9PrYH7LpmiSQ |
| Source: jlPBMMQbXC.exe, 00000000.00000002.1575706420.0000000000834000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lightstone.ae/ |
| Source: jlPBMMQbXC.exe, 00000000.00000002.1586422166.000000000DAA3000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1586422166.000000000DA69000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://lightstone.ae/image/233_Selebzihtih |
| Source: jlPBMMQbXC.exe, 00000000.00000002.1575706420.000000000077E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lightstone.ae/image/233_Selebzihtihv |
| Source: jlPBMMQbXC.exe, 00000000.00000002.1575706420.0000000000802000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lightstone.ae:443/image/233_SelebzihtihzOEROSitPOExnUGlYeGtYV2hLMGY0YTNpZXRqOUJNTWJTWXJiYXBJ |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1534458535.000000007EB20000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000002.1627250031.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, jlPBMMQbXC.exe, 00000000.00000003.1534140532.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
| Source: jlPBMMQbXC.exe, 00000000.00000003.1491083792.000000000083E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://spo.nel.measure.office.net/api/report?tenantId=91742063-fccc-4cba-b34b-69be54e484e8&desusert |
| Source: 15.2.colorcpl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 15.2.colorcpl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 15.2.colorcpl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 8.2.SndVol.exe.442191d.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 8.2.SndVol.exe.442191d.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 8.2.SndVol.exe.442191d.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 15.2.colorcpl.exe.77d0000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 15.2.colorcpl.exe.77d0000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 15.2.colorcpl.exe.77d0000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 15.2.colorcpl.exe.77d191d.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 15.2.colorcpl.exe.77d191d.2.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 15.2.colorcpl.exe.77d191d.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 8.2.SndVol.exe.4420000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 8.2.SndVol.exe.4420000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 8.2.SndVol.exe.4420000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 8.2.SndVol.exe.29130000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 8.2.SndVol.exe.29130000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 8.2.SndVol.exe.29130000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 8.2.SndVol.exe.4420000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 8.2.SndVol.exe.4420000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 8.2.SndVol.exe.4420000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 15.2.colorcpl.exe.77d191d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 15.2.colorcpl.exe.77d191d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 15.2.colorcpl.exe.77d191d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 8.2.SndVol.exe.442191d.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 8.2.SndVol.exe.442191d.0.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 8.2.SndVol.exe.442191d.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 15.2.colorcpl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 15.2.colorcpl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 15.2.colorcpl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 8.2.SndVol.exe.29130000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 8.2.SndVol.exe.29130000.2.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 8.2.SndVol.exe.29130000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 15.2.colorcpl.exe.77d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 15.2.colorcpl.exe.77d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 15.2.colorcpl.exe.77d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Author: unknown |
| Source: 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
| Source: Process Memory Space: SndVol.exe PID: 7672, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: Process Memory Space: colorcpl.exe PID: 8136, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C6B118 GetModuleHandleW,NtOpenProcess,IsBadReadPtr,IsBadReadPtr,GetModuleHandleW,NtCreateThreadEx, |
0_2_02C6B118 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C67A2C NtAllocateVirtualMemory, |
0_2_02C67A2C |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C6DC8C RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose, |
0_2_02C6DC8C |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C6DC04 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile, |
0_2_02C6DC04 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C6DD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose, |
0_2_02C6DD70 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C67D78 NtWriteVirtualMemory, |
0_2_02C67D78 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C684C8 NtProtectVirtualMemory, |
0_2_02C684C8 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C67A2A NtAllocateVirtualMemory, |
0_2_02C67A2A |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C6DBB0 RtlI,RtlDosPathNameToNtPathName_U,NtDeleteFile, |
0_2_02C6DBB0 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C68D6E GetThreadContext,SetThreadContext,NtResumeThread, |
0_2_02C68D6E |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C68D70 GetThreadContext,SetThreadContext,NtResumeThread, |
0_2_02C68D70 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02ABB118 GetModuleHandleW,NtOpenProcess,IsBadReadPtr,IsBadReadPtr,GetModuleHandleW, |
10_2_02ABB118 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02AB7D78 NtWriteVirtualMemory, |
10_2_02AB7D78 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02ABDD70 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose, |
10_2_02ABDD70 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02ABDBB0 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile, |
10_2_02ABDBB0 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02ABDC8C RtlDosPathNameToNtPathName_U,NtWriteFile,NtClose, |
10_2_02ABDC8C |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02ABDC04 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile, |
10_2_02ABDC04 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02AB8D6E Toolhelp32ReadProcessMemory,Thread32Next,GetThreadContext,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Toolhelp32ReadProcessMemory,Heap32ListFirst,SetThreadContext,NtResumeThread,Thread32Next, |
10_2_02AB8D6E |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02AB8D70 Toolhelp32ReadProcessMemory,Thread32Next,GetThreadContext,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Heap32Next,Toolhelp32ReadProcessMemory,Heap32ListFirst,SetThreadContext,NtResumeThread,Thread32Next, |
10_2_02AB8D70 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077EE33D NtdllDefWindowProc_A,GetCursorPos,SetForegroundWindow,TrackPopupMenu,IsWindowVisible,ShowWindow,ShowWindow,SetForegroundWindow,Shell_NotifyIcon,ExitProcess,CreatePopupMenu,AppendMenuA, |
15_2_077EE33D |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C520C4 |
0_2_02C520C4 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0445950D |
8_2_0445950D |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_044546F4 |
8_2_044546F4 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0445869B |
8_2_0445869B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0446E766 |
8_2_0446E766 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_044487F4 |
8_2_044487F4 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0445F068 |
8_2_0445F068 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_044740C8 |
8_2_044740C8 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0444814B |
8_2_0444814B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0445F2C5 |
8_2_0445F2C5 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04458283 |
8_2_04458283 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04456C08 |
8_2_04456C08 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0445EC0A |
8_2_0445EC0A |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04434D22 |
8_2_04434D22 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04457D87 |
8_2_04457D87 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0445EE39 |
8_2_0445EE39 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04474EF6 |
8_2_04474EF6 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0443FEA8 |
8_2_0443FEA8 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04458F05 |
8_2_04458F05 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04466F8D |
8_2_04466F8D |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0444895D |
8_2_0444895D |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_0443E910 |
8_2_0443E910 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04458AD0 |
8_2_04458AD0 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_04447BBC |
8_2_04447BBC |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2916797E |
8_2_2916797E |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291639D7 |
8_2_291639D7 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2914DBF3 |
8_2_2914DBF3 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2917DA49 |
8_2_2917DA49 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29157AD7 |
8_2_29157AD7 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29167DB3 |
8_2_29167DB3 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29157C40 |
8_2_29157C40 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29156E9F |
8_2_29156E9F |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2916DEED |
8_2_2916DEED |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29165EEB |
8_2_29165EEB |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2916E11C |
8_2_2916E11C |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2914F18B |
8_2_2914F18B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291841D9 |
8_2_291841D9 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291681E8 |
8_2_291681E8 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29144005 |
8_2_29144005 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2916706A |
8_2_2916706A |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2916E34B |
8_2_2916E34B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291833AB |
8_2_291833AB |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29176270 |
8_2_29176270 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29167566 |
8_2_29167566 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2916E5A8 |
8_2_2916E5A8 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2915742E |
8_2_2915742E |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291687F0 |
8_2_291687F0 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: 10_2_02AA20C4 |
10_2_02AA20C4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0043706A |
15_2_0043706A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00414005 |
15_2_00414005 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0043E11C |
15_2_0043E11C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004541D9 |
15_2_004541D9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004381E8 |
15_2_004381E8 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0041F18B |
15_2_0041F18B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00446270 |
15_2_00446270 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0043E34B |
15_2_0043E34B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004533AB |
15_2_004533AB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0042742E |
15_2_0042742E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00437566 |
15_2_00437566 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0043E5A8 |
15_2_0043E5A8 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004387F0 |
15_2_004387F0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0043797E |
15_2_0043797E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004339D7 |
15_2_004339D7 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0044DA49 |
15_2_0044DA49 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00427AD7 |
15_2_00427AD7 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0041DBF3 |
15_2_0041DBF3 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00427C40 |
15_2_00427C40 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00437DB3 |
15_2_00437DB3 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00435EEB |
15_2_00435EEB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0043DEED |
15_2_0043DEED |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00426E9F |
15_2_00426E9F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077F87F4 |
15_2_077F87F4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0781E766 |
15_2_0781E766 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0780869B |
15_2_0780869B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_078046F4 |
15_2_078046F4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0780950D |
15_2_0780950D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07808283 |
15_2_07808283 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0780F2C5 |
15_2_0780F2C5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077F814B |
15_2_077F814B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_078240C8 |
15_2_078240C8 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0780F068 |
15_2_0780F068 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07816F8D |
15_2_07816F8D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07808F05 |
15_2_07808F05 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07824EF6 |
15_2_07824EF6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0780EE39 |
15_2_0780EE39 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077EFEA8 |
15_2_077EFEA8 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07807D87 |
15_2_07807D87 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077E4D22 |
15_2_077E4D22 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07806C08 |
15_2_07806C08 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0780EC0A |
15_2_0780EC0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077F7BBC |
15_2_077F7BBC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_07808AD0 |
15_2_07808AD0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077F895D |
15_2_077F895D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077EE910 |
15_2_077EE910 |
| Source: 15.2.colorcpl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 15.2.colorcpl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 15.2.colorcpl.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 8.2.SndVol.exe.442191d.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 8.2.SndVol.exe.442191d.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 8.2.SndVol.exe.442191d.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 15.2.colorcpl.exe.77d0000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 15.2.colorcpl.exe.77d0000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 15.2.colorcpl.exe.77d0000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 15.2.colorcpl.exe.77d191d.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 15.2.colorcpl.exe.77d191d.2.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 15.2.colorcpl.exe.77d191d.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 8.2.SndVol.exe.4420000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 8.2.SndVol.exe.4420000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 8.2.SndVol.exe.4420000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 8.2.SndVol.exe.29130000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 8.2.SndVol.exe.29130000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 8.2.SndVol.exe.29130000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 8.2.SndVol.exe.4420000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 8.2.SndVol.exe.4420000.1.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 8.2.SndVol.exe.4420000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 15.2.colorcpl.exe.77d191d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 15.2.colorcpl.exe.77d191d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 15.2.colorcpl.exe.77d191d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 8.2.SndVol.exe.442191d.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 8.2.SndVol.exe.442191d.0.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 8.2.SndVol.exe.442191d.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 15.2.colorcpl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 15.2.colorcpl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 15.2.colorcpl.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 8.2.SndVol.exe.29130000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 8.2.SndVol.exe.29130000.2.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 8.2.SndVol.exe.29130000.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 15.2.colorcpl.exe.77d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 15.2.colorcpl.exe.77d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 15.2.colorcpl.exe.77d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 0000000F.00000002.1792665550.0000000000400000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 00000008.00000002.3862154789.0000000004420000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 00000008.00000002.3877541973.0000000029130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
| Source: 0000000F.00000002.1794055073.00000000077D0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
| Source: Process Memory Space: SndVol.exe PID: 7672, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: Process Memory Space: colorcpl.exe PID: 8136, type: MEMORYSTR |
Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: url.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: ieframe.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: netapi32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: wkscli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: winmm.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: 0_2_02C55908 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, |
0_2_02C55908 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29138847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
8_2_29138847 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29137877 FindFirstFileW,FindNextFileW, |
8_2_29137877 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2917E8F9 FindFirstFileExA, |
8_2_2917E8F9 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
8_2_2913BB6B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_29149B86 FindFirstFileW,FindNextFileW,FindNextFileW, |
8_2_29149B86 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
8_2_2913BD72 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2914C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
8_2_2914C322 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
8_2_2913C388 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_2913928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
8_2_2913928E |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: 8_2_291396A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
8_2_291396A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_0040928E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0041C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
15_2_0041C322 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
15_2_0040C388 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_004096A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_004096A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00408847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
15_2_00408847 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00407877 FindFirstFileW,FindNextFileW, |
15_2_00407877 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0044E8F9 FindFirstFileExA, |
15_2_0044E8F9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
15_2_0040BB6B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_00419B86 FindFirstFileW,FindNextFileW,FindNextFileW, |
15_2_00419B86 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0040BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
15_2_0040BD72 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_0781F616 FindFirstFileExA, |
15_2_0781F616 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077D9564 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, |
15_2_077D9564 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077D8594 FindFirstFileW,FindNextFileW, |
15_2_077D8594 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DA3BD __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_077DA3BD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077ED03F FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, |
15_2_077ED03F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DD0A5 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, |
15_2_077DD0A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077D9FAB __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, |
15_2_077D9FAB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DCA8F FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, |
15_2_077DCA8F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077EA8A3 FindFirstFileW, |
15_2_077EA8A3 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 15_2_077DC888 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, |
15_2_077DC888 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, |
0_2_02C55ACC |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: GetLocaleInfoA, |
0_2_02C5A7C4 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, |
0_2_02C55BD8 |
| Source: C:\Users\user\Desktop\jlPBMMQbXC.exe |
Code function: GetLocaleInfoA, |
0_2_02C5A810 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetLocaleInfoA, |
8_2_2913F90C |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetLocaleInfoW, |
8_2_2917896D |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
8_2_29181D58 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: EnumSystemLocalesW, |
8_2_29181FD0 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
8_2_29182143 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: EnumSystemLocalesW, |
8_2_2918201B |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: EnumSystemLocalesW, |
8_2_291820B6 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetLocaleInfoW, |
8_2_29182393 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetLocaleInfoW, |
8_2_291825C3 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: EnumSystemLocalesW, |
8_2_29178484 |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
8_2_291824BC |
| Source: C:\Windows\SysWOW64\SndVol.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
8_2_29182690 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
10_2_02AA5ACC |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
10_2_02AA5BD7 |
| Source: C:\Users\Public\Libraries\Selebzih.PIF |
Code function: GetLocaleInfoA, |
10_2_02AAA810 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_0045201B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_004520B6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
15_2_00452143 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW, |
15_2_00452393 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_00448484 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
15_2_004524BC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW, |
15_2_004525C3 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
15_2_00452690 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW, |
15_2_0044896D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoA, |
15_2_0040F90C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
15_2_00451D58 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_00451FD0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW, |
15_2_0781968A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoA, |
15_2_077E0629 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
15_2_078233AD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW, |
15_2_078232E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_078191A1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
15_2_078231D9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW, |
15_2_078230B0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
15_2_07822E60 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_07822DD3 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_07822D38 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: EnumSystemLocalesW, |
15_2_07822CED |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
15_2_07822A75 |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet