Source: Yara match | File source: 2.0.vbc.exe.610000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.vbc.exe.610000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.raw.unpack, type: UNPACKEDPE |
Source: vbc.exe, 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: vbc.exe, 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: vbc.exe, 00000002.00000002.639895069.0000000006CEE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://api.telegram.org |
Source: vbc.exe, 00000002.00000002.640666655.0000000009DF0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: vbc.exe, 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://hEsAGj.com |
Source: vbc.exe, 00000002.00000002.639841267.0000000006CD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Dhl recent package delivery report needs attention.exe | String found in binary or memory: http://www.red-gate.com/products/dotnet-development/smartassembly/?utm_source=smartassemblyui&utm_me |
Source: Dhl recent package delivery report needs attention.exe | String found in binary or memory: http://www.smartassembly.com/webservices/Reporting/L |
Source: Dhl recent package delivery report needs attention.exe | String found in binary or memory: http://www.smartassembly.com/webservices/Reporting/UploadReport2 |
Source: Dhl recent package delivery report needs attention.exe | String found in binary or memory: http://www.smartassembly.com/webservices/Reporting/UploadReport2v |
Source: Dhl recent package delivery report needs attention.exe | String found in binary or memory: http://www.smartassembly.com/webservices/UploadReportLogin/ |
Source: Dhl recent package delivery report needs attention.exe | String found in binary or memory: http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL |
Source: vbc.exe, 00000002.00000002.639841267.0000000006CD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org |
Source: Dhl recent package delivery report needs attention.exe, 00000001.00000002.388827798.0000000003509000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000000.382250415.0000000000612000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000002.00000000.380913160.0000000000612000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/ |
Source: vbc.exe, 00000002.00000002.639841267.0000000006CD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument |
Source: vbc.exe, 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocumentdocument----- |
Source: vbc.exe, 00000002.00000002.639841267.0000000006CD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org4Hkp |
Source: Dhl recent package delivery report needs attention.exe, 00000001.00000002.388770101.0000000002518000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://dafa.fa |
Source: vbc.exe, 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://uyuDgc6hArJiFp.org |
Source: vbc.exe, 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: 2.0.vbc.exe.610000.3.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.2.vbc.exe.610000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.vbc.exe.610000.1.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.vbc.exe.610000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.vbc.exe.610000.4.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.vbc.exe.610000.2.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 2.0.vbc.exe.610000.0.unpack, <PrivateImplementationDetails>{BB4BE492-6011-480B-9BB6-62392DD3DBCE}/C1CFE8FF-83FD-4C7F-8602-9133ABE62880.cs | Large array initialization: .cctor: array initializer size 11668 |
Source: 2.0.vbc.exe.610000.4.unpack, <PrivateImplementationDetails>{BB4BE492-6011-480B-9BB6-62392DD3DBCE}/C1CFE8FF-83FD-4C7F-8602-9133ABE62880.cs | Large array initialization: .cctor: array initializer size 11668 |
Source: 2.0.vbc.exe.610000.3.unpack, <PrivateImplementationDetails>{BB4BE492-6011-480B-9BB6-62392DD3DBCE}/C1CFE8FF-83FD-4C7F-8602-9133ABE62880.cs | Large array initialization: .cctor: array initializer size 11668 |
Source: 2.0.vbc.exe.610000.1.unpack, <PrivateImplementationDetails>{BB4BE492-6011-480B-9BB6-62392DD3DBCE}/C1CFE8FF-83FD-4C7F-8602-9133ABE62880.cs | Large array initialization: .cctor: array initializer size 11668 |
Source: 2.2.vbc.exe.610000.0.unpack, <PrivateImplementationDetails>{BB4BE492-6011-480B-9BB6-62392DD3DBCE}/C1CFE8FF-83FD-4C7F-8602-9133ABE62880.cs | Large array initialization: .cctor: array initializer size 11668 |
Source: 2.0.vbc.exe.610000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.2.vbc.exe.610000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.vbc.exe.610000.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.vbc.exe.610000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.vbc.exe.610000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 2.0.vbc.exe.610000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_008DF080 | 2_2_008DF080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_008DF3C8 | 2_2_008DF3C8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_008D02C2 | 2_2_008D02C2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_008DF3BD | 2_2_008DF3BD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_0A104BC8 | 2_2_0A104BC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_0A1030E8 | 2_2_0A1030E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_0A101150 | 2_2_0A101150 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_0A104F40 | 2_2_0A104F40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 2_2_0A108780 | 2_2_0A108780 |
Source: Dhl recent package delivery report needs attention.exe, 00000001.00000002.387791663.0000000000250000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilenameAcroCEF.exe> vs Dhl recent package delivery report needs attention.exe |
Source: Dhl recent package delivery report needs attention.exe, 00000001.00000002.387791663.0000000000250000.00000002.00000001.01000000.00000005.sdmp | Binary or memory string: OriginalFilenameAcroCEF.exe< vs Dhl recent package delivery report needs attention.exe |
Source: Dhl recent package delivery report needs attention.exe, 00000001.00000002.388770101.0000000002518000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameoOGLJXHkjIUdDHWuyQTkUEYbpke.exe4 vs Dhl recent package delivery report needs attention.exe |
Source: Dhl recent package delivery report needs attention.exe, 00000001.00000002.388827798.0000000003509000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameoOGLJXHkjIUdDHWuyQTkUEYbpke.exe4 vs Dhl recent package delivery report needs attention.exe |
Source: Dhl recent package delivery report needs attention.exe | Binary or memory string: OriginalFilenameAcroCEF.exe> vs Dhl recent package delivery report needs attention.exe |
Source: Dhl recent package delivery report needs attention.exe | Binary or memory string: OriginalFilenameAcroCEF.exe< vs Dhl recent package delivery report needs attention.exe |
Source: Dhl recent package delivery report needs attention.exe, \u001f\u0003/\u009b.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: Dhl recent package delivery report needs attention.exe, \u001f\u0003/\u009b.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.0.Dhl recent package delivery report needs attention.exe.1e0000.0.unpack, \u001f\u0003/\u009b.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.0.Dhl recent package delivery report needs attention.exe.1e0000.0.unpack, \u001f\u0003/\u009b.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 2.0.vbc.exe.610000.0.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 2.0.vbc.exe.610000.4.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\Dhl recent package delivery report needs attention.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Dhl recent package delivery report needs attention.exe | Queries volume information: C:\Users\user\Desktop\Dhl recent package delivery report needs attention.exe VolumeInformation |
Source: C:\Users\user\Desktop\Dhl recent package delivery report needs attention.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Dhl recent package delivery report needs attention.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match | File source: 2.0.vbc.exe.610000.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.vbc.exe.610000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Dhl recent package delivery report needs attention.exe.353dd30.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.vbc.exe.610000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Dhl recent package delivery report needs attention.exe.3509510.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000000.382250415.0000000000612000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.636043814.0000000000612000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.381341061.0000000000612000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.381707170.0000000000612000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000000.380913160.0000000000612000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.388827798.0000000003509000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.637072337.0000000006981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Dhl recent package delivery report needs attention.exe PID: 6256, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: vbc.exe PID: 2728, type: MEMORYSTR |