Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.244.38.210 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Code function: 0_2_00F46878 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Code function: 0_2_00F41820 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Code function: 0_2_00F41811 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Code function: 0_2_00F415C0 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Code function: 0_2_00F415B1 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Code function: 0_2_00F40682 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D420DD |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D42066 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00E91438 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D41424 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00EDE9EE |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00EDF9BA |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D4DD20 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D5A699 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00DAF65C |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00F44BCE |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00EDE3B9 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D420DD |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00DD50F2 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D42066 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00EDE9EE |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00EDF9BA |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D47279 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00F44BCE |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00EDE3B9 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00E91438 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D4E430 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D41424 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D4DD20 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00DD7614 |
Source: 00000000.00000002.233380857.0000000003A01000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.233380857.0000000003A01000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Payment_Confirmation pdf.exe PID: 2800, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Payment_Confirmation pdf.exe PID: 2800, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: unknown | Process created: C:\Users\user\Desktop\Payment_Confirmation pdf.exe 'C:\Users\user\Desktop\Payment_Confirmation pdf.exe' |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: unknown | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp863B.tmp' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp8988.tmp' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe 0 |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp863B.tmp' |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp8988.tmp' |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D43560 push eax; iretd |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D42AC8 push A80020C3h; ret |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D42B08 push B80020CAh; retf 0020h |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 11_2_00D42B30 push B80020CAh; retf 0020h |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D42AC8 push A80020C3h; ret |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D42B08 push B80020CAh; retf 0020h |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D42B30 push B80020CAh; retf 0020h |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 13_2_00D43560 push eax; iretd |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp863B.tmp' |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp8988.tmp' |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Queries volume information: C:\Users\user\Desktop\Payment_Confirmation pdf.exe VolumeInformation |
Source: C:\Users\user\Desktop\Payment_Confirmation pdf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |