Source: DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp |
String found in binary or memory: http://hFHvHh.com |
Source: DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0A |
Source: DOCS.exe, 00000004.00000002.506101125.0000000002EC6000.00000004.00000001.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%$ |
Source: NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: DOCS.exe, 00000004.00000002.506216357.0000000002ED0000.00000004.00000001.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: DOCS.exe, 00000004.00000002.506391286.0000000002EED000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.506031808.0000000002EC0000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.505417799.0000000002E89000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.506468128.0000000002EF5000.00000004.00000001.sdmp |
String found in binary or memory: https://wiYfivfC8nSIDolSjnz.org |
Source: DOCS.exe, 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, DOCS.exe, 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, NXLun.exe, 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: DOCS.exe, 00000004.00000002.502145216.0000000002B61000.00000004.00000001.sdmp, NXLun.exe, 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: NXLun.exe.4.dr, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: NXLun.exe.4.dr, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 4.0.DOCS.exe.6e0000.0.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 4.0.DOCS.exe.6e0000.0.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 17.0.NXLun.exe.3a0000.0.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 17.0.NXLun.exe.3a0000.0.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 17.2.NXLun.exe.3a0000.0.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 17.2.NXLun.exe.3a0000.0.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 1.2.DOCS.exe.890000.0.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 1.2.DOCS.exe.890000.0.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 1.0.DOCS.exe.890000.0.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 1.0.DOCS.exe.890000.0.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 4.2.DOCS.exe.6e0000.1.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 4.2.DOCS.exe.6e0000.1.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: DOCS.exe, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: DOCS.exe, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 18.0.NXLun.exe.a30000.0.unpack, Regedit.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 18.0.NXLun.exe.a30000.0.unpack, Regedit.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: C:\Users\user\Desktop\DOCS.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Users\user\Desktop\DOCS.exe VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\DOCS.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\NXLun\NXLun.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Source: Yara match |
File source: 1.2.DOCS.exe.4045b60.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.DOCS.exe.4085b80.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.DOCS.exe.4045b60.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.3cd5b80.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.DOCS.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.DOCS.exe.2dc55d4.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.3cd5b80.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.3c95b60.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.2.NXLun.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.DOCS.exe.4085b80.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.DOCS.exe.4025b40.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.3c75b40.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.3c95b60.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.DOCS.exe.2dd4408.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.2a15758.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.NXLun.exe.2a2458c.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000011.00000002.347326587.0000000003CD5000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000012.00000002.495132037.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000011.00000002.347157176.0000000003C1D000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.244914282.0000000004085000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.241626967.0000000002CB1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.244277836.0000000003FCD000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000012.00000002.500663594.0000000003081000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000011.00000002.337797812.0000000002901000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.495044836.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: DOCS.exe PID: 5928, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: DOCS.exe PID: 4992, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: NXLun.exe PID: 5388, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: NXLun.exe PID: 5372, type: MEMORY |