Source: Yara match | File source: 6LkjS4JhAl.exe, type: SAMPLE |
Source: Yara match | File source: 0.2.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.0.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.506546365.0000000000409000.00000004.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: 6LkjS4JhAl.exe PID: 6508, type: MEMORYSTR |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Windows\svchost.com, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Users\user\AppData\Local\Temp\CR_14C6C.tmp\setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE |
Source: 6LkjS4JhAl.exe, type: SAMPLE | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: 0.2.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: 0.0.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED | Matched rule: MAL_Neshta_Generic date = 2018-01-15, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, modified = 2021-04-14 |
Matched rule: MAL_Neshta_Generic (author = Florian Roth, description = Detects Neshta malware, reference = Internal Research, date = 2018-01-15, modified = 2021-04-14, hash1 = 0283c0f02307adc4ee46c0382df4b5d7b4eb80114fbaf5cb7fe5412f027d165e, hash2 = b7f8233dafab45e3abbbb4f3cc76e6860fae8d5337fb0b750ea20058b56b0efb, hash3 = 1954e06fc952a5a0328774aaf07c23970efd16834654793076c061dffb09a7eb); each dropped file listed below matched this rule:
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED |
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED |
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED |
Source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED |
Source: C:\Windows\svchost.com, type: DROPPED |
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe, type: DROPPED |
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED |
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED |
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED |
Source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED |
Source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED |
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED |
Source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED |
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED |
Source: Yara match | File source: 6LkjS4JhAl.exe, type: SAMPLE |
Source: Yara match | File source: 0.2.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.0.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.506546365.0000000000409000.00000004.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: 6LkjS4JhAl.exe PID: 6508, type: MEMORYSTR |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Windows\svchost.com, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Users\user\AppData\Local\Temp\CR_14C6C.tmp\setup.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | System file written: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Windows\svchost.com | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Users\user\AppData\Local\Temp\CR_14C6C.tmp\setup.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Users\user\AppData\Local\Temp\3582-490\6LkjS4JhAl.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | File created: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE |
Source: Yara match | File source: 6LkjS4JhAl.exe, type: SAMPLE |
Source: Yara match | File source: 0.2.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.0.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.506546365.0000000000409000.00000004.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: 6LkjS4JhAl.exe PID: 6508, type: MEMORYSTR |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Windows\svchost.com, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Windows\svchost.com |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CR_14C6C.tmp\setup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Uninstall.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\6LkjS4JhAl.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | Jump to dropped file |
Source: Yara match | File source: 6LkjS4JhAl.exe, type: SAMPLE |
Source: Yara match | File source: 0.2.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.0.6LkjS4JhAl.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.506546365.0000000000409000.00000004.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: 6LkjS4JhAl.exe PID: 6508, type: MEMORYSTR |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CMigrate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javacpl.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\unpack200.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOXMLED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\OcPubMgr.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\misc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSQRY32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Uninstall.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOHTMED.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\AppSharingHookController.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\VPREVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\GRAPH.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSREC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ACCICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\WORDICON.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CNFNOT32.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SELFCERT.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaws.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ose.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\XLICONS.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Oarpmany.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\MSOUC.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Info.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lync99.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssvagent.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\PPTICO.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\NAMECONTROLSERVER.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\CSISYNCCLIENT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Au3Check.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SCANPST.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\VC_redist.x86.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\protocolhandler.exe, type: DROPPED |
Source: Yara match | File source: C:\Windows\svchost.com, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe, type: DROPPED |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ChromeSetup.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\IEContentService.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\LICLUA.EXE, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\MSOSQM.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\SETLANG.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\FLTLDR.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\CLVIEW.EXE, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ODeploy.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2launcher.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Microsoft Office\Office16\lynchtmlconv.exe, type: DROPPED |
Source: Yara match | File source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\javaw.exe, type: DROPPED |
Source: Yara match | File source: C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE, type: DROPPED |
Source: Yara match | File source: C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\setup.exe, type: DROPPED |