Source: 12.0.b2.exe.400000.4.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 12.0.b2.exe.400000.12.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 12.0.b2.exe.400000.6.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 12.0.b2.exe.400000.8.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 12.0.b2.exe.400000.10.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 12.2.b2.exe.400000.0.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: b2.exe, 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: b2.exe, 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: f.dll.0.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: f.dll.0.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: f.dll.0.dr |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: f.dll.0.dr |
String found in binary or memory: http://s2.symcb.com0 |
Source: f.dll.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: f.dll.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: f.dll.0.dr |
String found in binary or memory: http://sv.symcd.com0& |
Source: f.dll.0.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: f.dll.0.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: f.dll.0.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: f.dll.0.dr |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: f.dll.0.dr |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: b2.exe, 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://xqtbof.com |
Source: b2.exe, 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: b2.exe, 00000000.00000003.516030971.000000000637B000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.515670250.0000000006376000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.516280598.000000000637B000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.514691789.000000000636D000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.520969631.0000000006A1C000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.516074359.0000000006A14000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.519825219.0000000006A1A000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.515451731.0000000006376000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.518667846.000000000637B000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.519966505.0000000006A1C000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 0000000C.00000000.522653847.0000000000402000.00000040.00000400.00020000.00000000.sdmp, b2.exe, 0000000C.00000000.522219203.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot1324911145:AAEQBcai78GJtNdHHMwAX0xQhP0p7EcyOuo/ |
Source: b2.exe, 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot1324911145:AAEQBcai78GJtNdHHMwAX0xQhP0p7EcyOuo/sendDocumentdocument----- |
Source: f.dll.0.dr |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: f.dll.0.dr |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: b2.exe, 00000000.00000003.516030971.000000000637B000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.515670250.0000000006376000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.516280598.000000000637B000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.514691789.000000000636D000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.520969631.0000000006A1C000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.516074359.0000000006A14000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.519825219.0000000006A1A000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.515451731.0000000006376000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.518667846.000000000637B000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 00000000.00000003.519966505.0000000006A1C000.00000004.00000800.00020000.00000000.sdmp, b2.exe, 0000000C.00000000.522653847.0000000000402000.00000040.00000400.00020000.00000000.sdmp, b2.exe, 0000000C.00000000.522219203.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: b2.exe, 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: 12.0.b2.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 12.0.b2.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 12.0.b2.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 12.0.b2.exe.400000.10.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 12.2.b2.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 12.0.b2.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: Process Memory Space: b2.exe PID: 7148, type: MEMORYSTR |
Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: b2.exe, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 0.0.b2.exe.4c0000.0.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 0.2.b2.exe.4c0000.0.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.e00000.9.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.400000.4.unpack, u003cPrivateImplementationDetailsu003eu007bFEC5A5F0u002d0C6Eu002d486Fu002d9208u002d7549C4E59E3Cu007d/u00332F6BFD2u002d9E8Bu002d4D29u002d8410u002dA27354B95FB9.cs |
Large array initialization: .cctor: array initializer size 12014 |
Source: 12.2.b2.exe.e00000.1.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.e00000.5.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.e00000.0.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.e00000.3.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.e00000.13.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.e00000.1.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.400000.12.unpack, u003cPrivateImplementationDetailsu003eu007bFEC5A5F0u002d0C6Eu002d486Fu002d9208u002d7549C4E59E3Cu007d/u00332F6BFD2u002d9E8Bu002d4D29u002d8410u002dA27354B95FB9.cs |
Large array initialization: .cctor: array initializer size 12014 |
Source: 12.0.b2.exe.400000.6.unpack, u003cPrivateImplementationDetailsu003eu007bFEC5A5F0u002d0C6Eu002d486Fu002d9208u002d7549C4E59E3Cu007d/u00332F6BFD2u002d9E8Bu002d4D29u002d8410u002dA27354B95FB9.cs |
Large array initialization: .cctor: array initializer size 12014 |
Source: 12.0.b2.exe.e00000.7.unpack, u0034cu003azu00400u002d6mwu00212u007c3siu003e87ru005bgu002c15ou0029bu003b/u0032su003eau007d68nu0029u002d7zxu00231.cs |
Large array initialization: 3f%s:74w(?2a0t[;6bn~1<5d9: array initializer size 151552 |
Source: 12.0.b2.exe.400000.8.unpack, u003cPrivateImplementationDetailsu003eu007bFEC5A5F0u002d0C6Eu002d486Fu002d9208u002d7549C4E59E3Cu007d/u00332F6BFD2u002d9E8Bu002d4D29u002d8410u002dA27354B95FB9.cs |
Large array initialization: .cctor: array initializer size 12014 |
Source: 12.0.b2.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 12.0.b2.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 12.0.b2.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 12.0.b2.exe.400000.10.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 12.2.b2.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 12.0.b2.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: Process Memory Space: b2.exe PID: 7148, type: MEMORYSTR |
Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: b2.exe |
Binary or memory string: OriginalFilename vs b2.exe |
Source: b2.exe, 00000000.00000002.533971800.0000000000C09000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs b2.exe |
Source: b2.exe, 00000000.00000000.344905302.00000000004D8000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilename009273620200110_pdf.exe< vs b2.exe |
Source: b2.exe |
Binary or memory string: OriginalFilename vs b2.exe |
Source: b2.exe, 0000000C.00000000.513142471.0000000000E18000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilename009273620200110_pdf.exe< vs b2.exe |
Source: b2.exe, 0000000C.00000000.522653847.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameHITvAreWBkWWDoLFBJGDIdpxGN.exe4 vs b2.exe |
Source: b2.exe |
Binary or memory string: OriginalFilename009273620200110_pdf.exe< vs b2.exe |
Source: 12.0.b2.exe.400000.4.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 12.0.b2.exe.400000.4.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 12.0.b2.exe.400000.12.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 12.0.b2.exe.400000.12.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 12.0.b2.exe.400000.6.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 12.0.b2.exe.400000.6.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Users\user\Desktop\b2.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Users\user\Desktop\b2.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\b2.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Jump to behavior |
Source: Yara match |
File source: 12.0.b2.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.2.b2.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0000000C.00000000.522653847.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000002.613014718.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000000.523738264.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000000.523078417.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000000.522219203.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: b2.exe PID: 7148, type: MEMORYSTR |
Source: Yara match |
File source: 12.0.b2.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.2.b2.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 12.0.b2.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0000000C.00000000.522653847.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000002.613014718.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000000.523738264.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000000.523078417.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000000.522219203.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000C.00000002.615030457.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: b2.exe PID: 7148, type: MEMORYSTR |