Source: 12.3.AppLaunch.exe.8b2db5a.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bc0834a.1.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bc0834a.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.3.AppLaunch.exe.8b2db5a.1.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.3.AppLaunch.exe.8ad5b55.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.2.AppLaunch.exe.bbb0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 12.3.AppLaunch.exe.8ad5810.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.3.AppLaunch.exe.8ad5810.2.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bbb0000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 12.2.AppLaunch.exe.bbb0345.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects HawkEyeV9 payload Author: ditekshen |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEye v9 Payload Author: ditekshen |
Source: 0000000C.00000000.357553921.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 00000001.00000002.367424927.00000000041CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000000.359164021.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 00000001.00000002.367080602.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000000.360604963.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000002.376052616.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000000.360998857.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 0000000C.00000002.377094587.000000000BBB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects BabyShark KimJongRAT Author: Florian Roth |
Source: 00000001.00000002.366769959.0000000003E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: Process Memory Space: PasswordStealer.NET.exe PID: 6388, type: MEMORYSTR |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: Process Memory Space: AppLaunch.exe PID: 6788, type: MEMORYSTR |
Matched rule: Detects HawkEye Keylogger Reborn Author: Florian Roth |
Source: 12.3.AppLaunch.exe.8b2db5a.1.raw.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bc0834a.1.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bc0834a.1.raw.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.3.AppLaunch.exe.8b2db5a.1.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 12.0.AppLaunch.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.0.AppLaunch.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.3.AppLaunch.exe.8ad5b55.0.raw.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.41ccd20.5.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.40b87bc.4.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.2.AppLaunch.exe.bbb0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.3edc33c.3.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 12.3.AppLaunch.exe.8ad5810.2.raw.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.3.AppLaunch.exe.8ad5810.2.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bbb0000.3.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 12.2.AppLaunch.exe.bbb0345.2.raw.unpack, type: UNPACKEDPE |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25 |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_HawkEyeV9 author = ditekshen, description = Detects HawkEyeV9 payload, clamav_sig = MALWARE.Win.Trojan.HawkEyeV9 |
Source: 1.2.PasswordStealer.NET.exe.3e39510.2.raw.unpack, type: UNPACKEDPE |
Matched rule: HawkEyev9 author = ditekshen, description = HawkEye v9 Payload, cape_type = HawkEyev9 Payload |
Source: 0000000C.00000000.357553921.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 00000001.00000002.367424927.00000000041CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000000.359164021.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 00000001.00000002.367080602.000000000402E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000000.360604963.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000002.376052616.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000000.360998857.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 0000000C.00000002.377094587.000000000BBB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: APT_NK_BabyShark_KimJoingRAT_Apr19_1 date = 2019-04-27, hash1 = d50a0980da6297b8e4cec5db0a8773635cee74ac6f5c1ff18197dfba549f6712, author = Florian Roth, description = Detects BabyShark KimJongRAT, reference = https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ |
Source: 00000001.00000002.366769959.0000000003E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: Process Memory Space: PasswordStealer.NET.exe PID: 6388, type: MEMORYSTR |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: Process Memory Space: AppLaunch.exe PID: 6788, type: MEMORYSTR |
Matched rule: MAL_HawkEye_Keylogger_Gen_Dec18 date = 2018-12-10, hash1 = b8693e015660d7bd791356b352789b43bf932793457d54beae351cf7a3de4dad, author = Florian Roth, description = Detects HawkEye Keylogger Reborn, reference = https://twitter.com/James_inthe_box/status/1072116224652324870 |
Source: 12.0.AppLaunch.exe.400000.4.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 12.0.AppLaunch.exe.400000.4.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 12.0.AppLaunch.exe.400000.4.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: 12.0.AppLaunch.exe.400000.1.unpack, u200b????????????????????????????????????????.cs |
Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 12.0.AppLaunch.exe.400000.0.unpack, u200b????????????????????????????????????????.cs |
Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 12.2.AppLaunch.exe.400000.0.unpack, u200b????????????????????????????????????????.cs |
Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 12.2.AppLaunch.exe.400000.0.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 12.2.AppLaunch.exe.400000.0.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 12.2.AppLaunch.exe.400000.0.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: 12.0.AppLaunch.exe.400000.3.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.0.AppLaunch.exe.400000.3.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.0.AppLaunch.exe.400000.0.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 12.0.AppLaunch.exe.400000.0.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 12.0.AppLaunch.exe.400000.0.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: 12.0.AppLaunch.exe.400000.4.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.0.AppLaunch.exe.400000.4.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.0.AppLaunch.exe.400000.1.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.0.AppLaunch.exe.400000.1.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.2.AppLaunch.exe.400000.0.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.2.AppLaunch.exe.400000.0.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.0.AppLaunch.exe.400000.4.unpack, u200b????????????????????????????????????????.cs |
Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 12.0.AppLaunch.exe.400000.3.unpack, u200b????????????????????????????????????????.cs |
Security API names: System.Void System.IO.DirectoryInfo::SetAccessControl(System.Security.AccessControl.DirectorySecurity) |
Source: 12.0.AppLaunch.exe.400000.0.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.0.AppLaunch.exe.400000.0.unpack, u200d????????????????????????????????????????.cs |
Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.0.AppLaunch.exe.400000.3.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 12.0.AppLaunch.exe.400000.3.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 12.0.AppLaunch.exe.400000.3.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: 12.0.AppLaunch.exe.400000.1.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity) |
Source: 12.0.AppLaunch.exe.400000.1.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Security.Principal.IdentityReference System.Security.Principal.SecurityIdentifier::Translate(System.Type) |
Source: 12.0.AppLaunch.exe.400000.1.unpack, u202a????????????????????????????????????????.cs |
Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule) |
Source: C:\Users\user\Desktop\PasswordStealer.NET.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Process information set: NOOPENFILEERRORBOX |