Source: explorer.exe, 0000000A.00000000.969373511.00000000046D0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://computername/printers/printername/.printer |
Source: explorer.exe, 0000000A.00000000.1005046507.0000000003B10000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://investor.msn.com |
Source: explorer.exe, 0000000A.00000000.1005046507.0000000003B10000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://investor.msn.com/ |
Source: explorer.exe, 0000000A.00000000.998739838.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.949886859.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.983940407.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1027026563.0000000000335000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com |
Source: explorer.exe, 0000000A.00000000.1005424318.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1030081883.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://localizability/practices/XML.asp |
Source: explorer.exe, 0000000A.00000000.1005424318.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1030081883.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://localizability/practices/XMLConfiguration.asp |
Source: explorer.exe, 0000000A.00000000.1001877731.0000000001DD0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. |
Source: Client.exe, 00000005.00000002.947458698.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: explorer.exe, 0000000A.00000000.1008328661.0000000006450000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://servername/isapibackend.dll |
Source: explorer.exe, 0000000A.00000000.1005424318.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1030081883.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check |
Source: explorer.exe, 0000000A.00000000.969373511.00000000046D0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://treyresearch.net |
Source: explorer.exe, 0000000A.00000000.969373511.00000000046D0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://wellformedweb.org/CommentAPI/ |
Source: explorer.exe, 0000000A.00000000.1005424318.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1030081883.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true |
Source: explorer.exe, 0000000A.00000000.1001877731.0000000001DD0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.%s.comPA |
Source: explorer.exe, 0000000A.00000000.998739838.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.949886859.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.983940407.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1027026563.0000000000335000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3 |
Source: explorer.exe, 0000000A.00000000.969373511.00000000046D0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww |
Source: explorer.exe, 0000000A.00000000.1005046507.0000000003B10000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.hotmail.com/oe |
Source: explorer.exe, 0000000A.00000000.1005424318.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1030081883.0000000003CF7000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.icra.org/vocabulary/. |
Source: explorer.exe, 0000000A.00000000.969373511.00000000046D0000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.iis.fhg.de/audioPA |
Source: explorer.exe, 0000000A.00000000.1005046507.0000000003B10000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.msnbc.com/news/ticker.txt |
Source: explorer.exe, 0000000A.00000000.976786692.00000000084C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1004626983.0000000002CBF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.piriform.com/ccleaner |
Source: explorer.exe, 0000000A.00000000.978377131.0000000008611000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1010833057.0000000008611000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.993943393.0000000008611000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.piriform.com/ccleaner1SPS0 |
Source: explorer.exe, 0000000A.00000000.1010360758.0000000008521000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.995439916.0000000008807000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.979257547.000000000869E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.950353171.00000000003A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.994846785.000000000869E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.979787030.000000000880D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.992888492.00000000084D2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1011293822.000000000869E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.993114505.0000000008521000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1010156944.00000000084D2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.976835880.00000000084D2000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv |
Source: explorer.exe, 0000000A.00000000.1029291046.0000000002CBF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.986329833.0000000002CBF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.958357895.0000000002CBF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1004626983.0000000002CBF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.piriform.com/ccleanerq |
Source: explorer.exe, 0000000A.00000000.988586812.0000000004385000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1006236115.0000000004385000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.968187098.0000000004385000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.piriform.com/ccleanerv |
Source: explorer.exe, 0000000A.00000000.1005046507.0000000003B10000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.windows.com/pctv. |
Source: explorer.exe, 0000000A.00000000.998739838.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.949886859.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.983940407.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1027026563.0000000000335000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org |
Source: explorer.exe, 0000000A.00000000.998739838.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.949886859.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.983940407.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1027026563.0000000000335000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org |
Source: explorer.exe, 0000000A.00000000.998739838.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.949886859.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.983940407.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1027026563.0000000000335000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/52.0.1/releasenotes |
Source: SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.12395.rtf, type: SAMPLE | Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen |
Source: 9.2.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.2.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.2.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.2.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.2.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.2.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 9.0.notepad.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 9.0.notepad.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 9.0.notepad.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000B.00000002.1174323535.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000B.00000002.1174323535.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000B.00000002.1174323535.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000000.936456430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000000.936456430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000000.936456430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000002.1039869159.00000000002B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000002.1039869159.00000000002B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000002.1039869159.00000000002B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000000.936147308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000000.936147308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000000.936147308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000000.944576873.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000000.944576873.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000000.944576873.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000D.00000000.1155298831.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000D.00000000.1155298831.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000D.00000000.1155298831.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000D.00000000.1152501907.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000D.00000000.1152501907.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000D.00000000.1152501907.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000D.00000002.1160841001.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000D.00000002.1160841001.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000D.00000002.1160841001.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000000.1012237175.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000A.00000000.1012237175.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000000.1012237175.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000B.00000002.1175159269.0000000000230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000B.00000002.1175159269.0000000000230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000B.00000002.1175159269.0000000000230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000005.00000002.955126906.0000000003696000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000005.00000002.955126906.0000000003696000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000005.00000002.955126906.0000000003696000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000000.996747059.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000A.00000000.996747059.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000000.996747059.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000B.00000002.1174987416.0000000000200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0000000B.00000002.1174987416.0000000000200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000B.00000002.1174987416.0000000000200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000002.1039958071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000002.1039958071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000002.1039958071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000002.1039727888.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000002.1039727888.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000002.1039727888.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000009.00000000.944868705.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000009.00000000.944868705.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000009.00000000.944868705.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: Process Memory Space: Client.exe PID: 2948, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Process Memory Space: notepad.exe PID: 2496, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Process Memory Space: NAPSTAT.EXE PID: 204, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{35F4FC89-AF57-47A0-AA61-CE9C986E155F}.tmp, type: DROPPED | Matched rule: EXP_potential_CVE_2017_11882 Author: ReversingLabs |
Source: SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.12395.rtf, type: SAMPLE | Matched rule: MAL_RTF_Embedded_OLE_PE date = 2018-01-22, author = Florian Roth, description = Detects a suspicious string often used in PE files in a hex encoded object stream, reference = https://www.nextron-systems.com/2018/01/22/creating-yara-rules-detect-embedded-exe-files-ole-objects/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.12395.rtf, type: SAMPLE | Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. |
Source: 9.2.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.2.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.2.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.2.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.2.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.2.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 9.0.notepad.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 9.0.notepad.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 9.0.notepad.exe.400000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000B.00000002.1174323535.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000B.00000002.1174323535.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000B.00000002.1174323535.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000000.936456430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000000.936456430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000000.936456430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000002.1039869159.00000000002B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000002.1039869159.00000000002B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000002.1039869159.00000000002B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000000.936147308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000000.936147308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000000.936147308.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000000.944576873.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000000.944576873.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000000.944576873.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000D.00000000.1155298831.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000D.00000000.1155298831.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000D.00000000.1155298831.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000D.00000000.1152501907.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000D.00000000.1152501907.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000D.00000000.1152501907.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000D.00000002.1160841001.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000D.00000002.1160841001.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000D.00000002.1160841001.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000000.1012237175.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000A.00000000.1012237175.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000000.1012237175.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000B.00000002.1175159269.0000000000230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000B.00000002.1175159269.0000000000230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000B.00000002.1175159269.0000000000230000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.955126906.0000000003696000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000005.00000002.955126906.0000000003696000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000005.00000002.955126906.0000000003696000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000000.996747059.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000A.00000000.996747059.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000000.996747059.000000000B4B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000B.00000002.1174987416.0000000000200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0000000B.00000002.1174987416.0000000000200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000B.00000002.1174987416.0000000000200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000002.1039958071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000002.1039958071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000002.1039958071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000002.1039727888.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000002.1039727888.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000002.1039727888.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000009.00000000.944868705.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000009.00000000.944868705.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000009.00000000.944868705.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: Process Memory Space: Client.exe PID: 2948, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: notepad.exe PID: 2496, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: NAPSTAT.EXE PID: 204, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{35F4FC89-AF57-47A0-AA61-CE9C986E155F}.tmp, type: DROPPED | Matched rule: rtf_cve2017_11882_ole author = John Davison, description = Attempts to identify the exploit CVE 2017 11882, score = , sample = 51cf2a6c0c1a29abca9fd13cb22421da, reference = https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about |
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{35F4FC89-AF57-47A0-AA61-CE9C986E155F}.tmp, type: DROPPED | Matched rule: EXP_potential_CVE_2017_11882 author = ReversingLabs, reference = https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_001F24A0 NtQuerySystemInformation, | 5_2_001F24A0 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_001F2498 NtQuerySystemInformation, | 5_2_001F2498 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_00E9DC10 NtSetContextThread, | 5_2_00E9DC10 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_00E9D1F0 NtProtectVirtualMemory, | 5_2_00E9D1F0 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_00E9CD08 NtAllocateVirtualMemory, | 5_2_00E9CD08 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_00E9F100 NtResumeThread, | 5_2_00E9F100 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_00E9D700 NtWriteVirtualMemory, | 5_2_00E9D700 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_04C4B8D8 NtCreateThreadEx, | 5_2_04C4B8D8 |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Code function: 5_2_04C4B3F8 NtWriteVirtualMemory, | 5_2_04C4B3F8 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041AD40 NtCreateFile, | 9_2_0041AD40 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041ADF0 NtReadFile, | 9_2_0041ADF0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041AE70 NtClose, | 9_2_0041AE70 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041AF20 NtAllocateVirtualMemory, | 9_2_0041AF20 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041AD3A NtCreateFile, | 9_2_0041AD3A |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041AE6A NtClose, | 9_2_0041AE6A |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_0041AF1A NtAllocateVirtualMemory, | 9_2_0041AF1A |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B100C4 NtCreateFile,LdrInitializeThunk, | 9_2_00B100C4 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B10078 NtResumeThread,LdrInitializeThunk, | 9_2_00B10078 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B10048 NtProtectVirtualMemory,LdrInitializeThunk, | 9_2_00B10048 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B107AC NtCreateMutant,LdrInitializeThunk, | 9_2_00B107AC |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0F9F0 NtClose,LdrInitializeThunk, | 9_2_00B0F9F0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0F900 NtReadFile,LdrInitializeThunk, | 9_2_00B0F900 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FAE8 NtQueryInformationProcess,LdrInitializeThunk, | 9_2_00B0FAE8 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FAD0 NtAllocateVirtualMemory,LdrInitializeThunk, | 9_2_00B0FAD0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FBB8 NtQueryInformationToken,LdrInitializeThunk, | 9_2_00B0FBB8 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FB68 NtFreeVirtualMemory,LdrInitializeThunk, | 9_2_00B0FB68 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FC90 NtUnmapViewOfSection,LdrInitializeThunk, | 9_2_00B0FC90 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FC60 NtMapViewOfSection,LdrInitializeThunk, | 9_2_00B0FC60 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FD8C NtDelayExecution,LdrInitializeThunk, | 9_2_00B0FD8C |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FDC0 NtQuerySystemInformation,LdrInitializeThunk, | 9_2_00B0FDC0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FEA0 NtReadVirtualMemory,LdrInitializeThunk, | 9_2_00B0FEA0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FED0 NtAdjustPrivilegesToken,LdrInitializeThunk, | 9_2_00B0FED0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FFB4 NtCreateSection,LdrInitializeThunk, | 9_2_00B0FFB4 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B110D0 NtOpenProcessToken, | 9_2_00B110D0 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B10060 NtQuerySection, | 9_2_00B10060 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B101D4 NtSetValueKey, | 9_2_00B101D4 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B1010C NtOpenDirectoryObject, | 9_2_00B1010C |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B11148 NtOpenThread, | 9_2_00B11148 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0F8CC NtWaitForSingleObject, | 9_2_00B0F8CC |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B11930 NtSetContextThread, | 9_2_00B11930 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0F938 NtWriteFile, | 9_2_00B0F938 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FAB8 NtQueryValueKey, | 9_2_00B0FAB8 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FA20 NtQueryInformationFile, | 9_2_00B0FA20 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FA50 NtEnumerateValueKey, | 9_2_00B0FA50 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FBE8 NtQueryVirtualMemory, | 9_2_00B0FBE8 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FB50 NtCreateKey, | 9_2_00B0FB50 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FC30 NtOpenProcess, | 9_2_00B0FC30 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B10C40 NtGetContextThread, | 9_2_00B10C40 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FC48 NtSetInformationFile, | 9_2_00B0FC48 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B11D80 NtSuspendThread, | 9_2_00B11D80 |
Source: C:\Windows\SysWOW64\notepad.exe | Code function: 9_2_00B0FD5C NtEnumerateKey, | 9_2_00B0FD5C |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\Client.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Process information set: NOOPENFILEERRORBOX |