Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing the string DcRatBy Author: ditekSHen |
Source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000003.00000002.3356628122.0000000005258000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR | Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_004228F0 NtQueryDefaultLocale, | 0_2_004228F0 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423B73 NtQueryDefaultLocale, | 0_2_00423B73 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_004221F0 NtQueryDefaultLocale, | 0_2_004221F0 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00422270 NtQueryDefaultLocale, | 0_2_00422270 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00422276 NtQueryDefaultLocale, | 0_2_00422276 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00422287 NtQueryDefaultLocale, | 0_2_00422287 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00422415 NtQueryDefaultLocale, | 0_2_00422415 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_004224DC NtQueryDefaultLocale, | 0_2_004224DC |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_0042256F NtQueryDefaultLocale, | 0_2_0042256F |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_0042258A NtQueryDefaultLocale, | 0_2_0042258A |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_004227F8 NtQueryDefaultLocale, | 0_2_004227F8 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00422873 NtQueryDefaultLocale, | 0_2_00422873 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00422814 NtQueryDefaultLocale, | 0_2_00422814 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423020 NtQueryDefaultLocale, | 0_2_00423020 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423033 NtQueryDefaultLocale, | 0_2_00423033 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423080 NtQueryDefaultLocale, | 0_2_00423080 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_0042312D NtQueryDefaultLocale, | 0_2_0042312D |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423291 NtQueryDefaultLocale, | 0_2_00423291 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_004232B1 NtQueryDefaultLocale, | 0_2_004232B1 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423339 NtQueryDefaultLocale, | 0_2_00423339 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423797 NtQueryDefaultLocale, | 0_2_00423797 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423B4A NtQueryDefaultLocale, | 0_2_00423B4A |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423B4F NtQueryDefaultLocale, | 0_2_00423B4F |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423DD6 NtQueryDefaultLocale, | 0_2_00423DD6 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423DE3 NtQueryDefaultLocale, | 0_2_00423DE3 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00421DAD NtQueryDefaultLocale, | 0_2_00421DAD |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00421DB2 NtQueryDefaultLocale, | 0_2_00421DB2 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423E4F NtQueryDefaultLocale, | 0_2_00423E4F |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: 0_2_00423E30 NtQueryDefaultLocale, | 0_2_00423E30 |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 3.2.csc.exe.aa0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.4d44f2.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.c00000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI |
Source: 0.2.Documento_Remisorio_Activo_N#8475684756..exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DcRatBy author = ditekSHen, description = Detects executables containing the string DcRatBy |
Source: 00000003.00000002.3355880871.0000000000AA2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000000.00000002.2282262613.0000000000C02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000000.00000002.2282125974.00000000004D4000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000003.00000002.3356628122.0000000005258000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000003.00000002.3356996740.0000000006F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: Process Memory Space: Documento_Remisorio_Activo_N#8475684756..exe PID: 4980, type: MEMORYSTR | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: Process Memory Space: csc.exe PID: 712, type: MEMORYSTR | Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: k7rn7l32.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: ntd3ll.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, | 0_2_00492133 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, | 0_2_0049224A |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, | 0_2_004922E2 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, | 0_2_00492356 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: GetLocaleInfoA, | 0_2_00486441 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, | 0_2_00492528 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, | 0_2_004925E9 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: GetLocaleInfoA, | 0_2_0049465E |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, | 0_2_00492650 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, | 0_2_0049268C |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, | 0_2_0048274E |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA, | 0_2_004968EF |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, | 0_2_004968BB |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 0_2_00496A2E |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 0_2_00491419 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, | 0_2_00489AD1 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, | 0_2_00491A87 |
Source: C:\Users\user\Desktop\Documento_Remisorio_Activo_N#8475684756..exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, | 0_2_00491CDF |