Source: Yara match | File source: 12.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4199000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3e89000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3749000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3c99000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.40f9000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000A.00000002.923611069.0000000001307000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665707954.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747132927.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.723857494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710552942.00000000010F7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.668087697.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746294295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750190502.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.727672917.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724829494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.667581883.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706138674.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666944230.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.698084508.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.674208538.0000000000FB7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.708512420.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.697551075.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746714985.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.690545853.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747620790.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750930266.0000000000A37000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729381755.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709640591.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.664681826.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707894778.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.696164588.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748212725.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.923123873.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706739548.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691529752.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.749457172.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691017660.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748825104.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.688839344.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.725530815.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.728757346.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707310183.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665184295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729849603.0000000001027000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.726516834.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709107178.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.673320463.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666364820.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724333978.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710208184.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000002.753512383.0000000003BC9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.701679427.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.671210492.0000000003489000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.713877257.0000000003E39000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.736965742.0000000003ED9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 6884, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 7064, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5492, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6436, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5156, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6512, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6660, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6952, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 7160, type: MEMORYSTR |
Source: Yara match | File source: 12.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4199000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3e89000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3749000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3c99000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.40f9000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000A.00000002.923611069.0000000001307000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665707954.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747132927.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.723857494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710552942.00000000010F7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.668087697.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746294295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750190502.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.727672917.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724829494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.667581883.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706138674.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666944230.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.698084508.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.674208538.0000000000FB7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.708512420.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.697551075.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746714985.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.690545853.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747620790.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750930266.0000000000A37000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729381755.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709640591.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.664681826.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707894778.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.696164588.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748212725.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.923123873.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706739548.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691529752.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.749457172.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691017660.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748825104.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.688839344.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.725530815.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.728757346.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707310183.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665184295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729849603.0000000001027000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.726516834.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709107178.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.673320463.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666364820.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724333978.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710208184.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000002.753512383.0000000003BC9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.701679427.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.671210492.0000000003489000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.713877257.0000000003E39000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.736965742.0000000003ED9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 6884, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 7064, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5492, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6436, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5156, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6512, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6660, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6952, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 7160, type: MEMORYSTR |
Source: 12.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 9.2.notepad.exe.3e88ef0.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 11.2.notepad.exe.42e8ef0.3.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 1.2.PI#EB01122021.exe.3489930.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 11.2.notepad.exe.42e8ef0.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 1.2.PI#EB01122021.exe.3938ef0.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 17.2.notepad.exe.4078ef0.4.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 17.2.notepad.exe.3bc9930.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 14.2.notepad.exe.4388ef0.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 9.2.notepad.exe.3e88ef0.3.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 1.2.PI#EB01122021.exe.3938ef0.3.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.2.PI#EB01122021.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 14.2.notepad.exe.3ed9930.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 14.2.notepad.exe.4388ef0.4.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 11.2.notepad.exe.3e39930.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 9.2.notepad.exe.39d9930.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 18.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 16.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 10.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 17.2.notepad.exe.4078ef0.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.0.PI#EB01122021.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 4.2.PI#EB01122021.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.665707954.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.747132927.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.723857494.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.668087697.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.746294295.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000002.750190502.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.727672917.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.724829494.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.667581883.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.706138674.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.666944230.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.698084508.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.708512420.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.697551075.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.690545853.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.746714985.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.747620790.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000002.729381755.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.709640591.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.664681826.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.707894778.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.696164588.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.748212725.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000002.923123873.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.706739548.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.691529752.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.749457172.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.691017660.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000012.00000000.748825104.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000A.00000000.688839344.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.725530815.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.728757346.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.707310183.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.665184295.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.726516834.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000000.709107178.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000002.673320463.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000004.00000000.666364820.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000010.00000000.724333978.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0000000C.00000002.710208184.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 12.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 9.2.notepad.exe.3e88ef0.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 11.2.notepad.exe.42e8ef0.3.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 1.2.PI#EB01122021.exe.3489930.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 11.2.notepad.exe.42e8ef0.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 1.2.PI#EB01122021.exe.3938ef0.3.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.2.notepad.exe.4078ef0.4.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.18.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.2.notepad.exe.3bc9930.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 14.2.notepad.exe.4388ef0.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 9.2.notepad.exe.3e88ef0.3.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 1.2.PI#EB01122021.exe.3938ef0.3.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.2.PI#EB01122021.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 14.2.notepad.exe.3ed9930.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.14.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 14.2.notepad.exe.4388ef0.4.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 11.2.notepad.exe.3e39930.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 9.2.notepad.exe.39d9930.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 18.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 16.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.10.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 10.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 12.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.2.notepad.exe.4078ef0.4.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.0.PI#EB01122021.exe.400000.12.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 4.2.PI#EB01122021.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.665707954.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.747132927.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.723857494.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.668087697.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.746294295.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000002.750190502.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.727672917.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.724829494.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.667581883.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.706138674.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.666944230.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.698084508.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.708512420.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.697551075.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.690545853.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.746714985.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.747620790.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000002.729381755.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.709640591.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.664681826.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.707894778.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.696164588.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.748212725.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000002.923123873.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.706739548.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.691529752.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.749457172.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.691017660.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000012.00000000.748825104.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000A.00000000.688839344.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.725530815.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.728757346.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.707310183.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.665184295.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.726516834.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000000.709107178.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000002.673320463.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000004.00000000.666364820.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000010.00000000.724333978.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0000000C.00000002.710208184.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\PI#EB01122021.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\Remcos\notepad.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Yara match | File source: 12.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4199000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3e89000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3749000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3c99000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.40f9000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000A.00000002.923611069.0000000001307000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665707954.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747132927.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.723857494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710552942.00000000010F7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.668087697.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746294295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750190502.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.727672917.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724829494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.667581883.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706138674.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666944230.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.698084508.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.674208538.0000000000FB7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.708512420.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.697551075.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746714985.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.690545853.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747620790.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750930266.0000000000A37000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729381755.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709640591.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.664681826.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707894778.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.696164588.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748212725.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.923123873.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706739548.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691529752.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.749457172.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691017660.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748825104.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.688839344.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.725530815.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.728757346.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707310183.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665184295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729849603.0000000001027000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.726516834.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709107178.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.673320463.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666364820.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724333978.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710208184.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000002.753512383.0000000003BC9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.701679427.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.671210492.0000000003489000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.713877257.0000000003E39000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.736965742.0000000003ED9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 6884, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 7064, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5492, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6436, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5156, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6512, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6660, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6952, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 7160, type: MEMORYSTR |
Source: Yara match | File source: 12.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.42e8ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4199000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3e88ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3938ef0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.notepad.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.14.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.4388ef0.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.0.notepad.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.16.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.20.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.notepad.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.0.notepad.exe.400000.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.14.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.0.notepad.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.0.notepad.exe.400000.18.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3e89000.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3749000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.4078ef0.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.PI#EB01122021.exe.400000.12.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.PI#EB01122021.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.3c99000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.40f9000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.notepad.exe.3ed9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 11.2.notepad.exe.3e39930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.PI#EB01122021.exe.3489930.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.notepad.exe.39d9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.notepad.exe.3bc9930.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0000000A.00000002.923611069.0000000001307000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665707954.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747132927.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.723857494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710552942.00000000010F7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.668087697.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746294295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750190502.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.727672917.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724829494.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.667581883.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706138674.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666944230.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.698084508.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.674208538.0000000000FB7000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.708512420.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.697551075.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.746714985.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.690545853.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.747620790.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.750930266.0000000000A37000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729381755.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709640591.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.664681826.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707894778.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.696164588.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748212725.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.923123873.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.706739548.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691529752.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.749457172.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.691017660.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000000.748825104.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000000.688839344.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.725530815.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.728757346.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.707310183.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.665184295.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.729849603.0000000001027000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.726516834.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000000.709107178.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.673320463.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000000.666364820.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000000.724333978.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.710208184.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000002.753512383.0000000003BC9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.701679427.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.671210492.0000000003489000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000B.00000002.713877257.0000000003E39000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.736965742.0000000003ED9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 6884, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: PI#EB01122021.exe PID: 7064, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5492, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6436, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 5156, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6512, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6660, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 6952, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: notepad.exe PID: 7160, type: MEMORYSTR |