Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE4696 GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_00AE4696 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_00AEF200 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_00AEF35D |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_00AEF65E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 0_2_00AEC9C7 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEC93C FindFirstFileW,FindClose, | 0_2_00AEC93C |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_00AE3A2B |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_00AE3D4E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_00AEBF27 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01004696 GetFileAttributesW,FindFirstFileW,FindClose, | 5_2_01004696 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100C93C FindFirstFileW,FindClose, | 5_2_0100C93C |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 5_2_0100C9C7 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 5_2_0100F35D |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 5_2_0100F200 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 5_2_0100F65E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01003A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 5_2_01003A2B |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01003D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 5_2_01003D4E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 5_2_0100BF27 |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3724793852.0000000002E27000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000003057000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000003107000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://api.telegram.org |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3726494091.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3723541613.0000000002970000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/ |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3726494091.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3723541613.0000000002970000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/ |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3724793852.0000000002E27000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000003057000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000003107000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3726494091.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3723541613.0000000002970000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot6598056807:AAEJNVpW5jLTQx4-KLaAAUiX0mRFbdRCujw/ |
Source: RegSvcs.exe, 00000006.00000002.3724793852.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.3724793852.0000000002E27000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000003057000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000E.00000002.4074056598.0000000003107000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot6598056807:AAEJNVpW5jLTQx4-KLaAAUiX0mRFbdRCujw/sendDocument |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00B0CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, | 0_2_00B0CDAC |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0102CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, | 5_2_0102CDAC |
Source: 6.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.3df5d90.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.5360000.6.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.52e0ee8.5.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.29b00f6.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.29b0fde.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.52e0ee8.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 13.2.name.exe.3b20000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.29b0fde.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.3df5d90.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 9.2.name.exe.f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.29b00f6.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 11.2.name.exe.3470000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.52e0000.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 6.2.RegSvcs.exe.52e0000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 5.2.name.exe.2250000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.5360000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 0000000B.00000002.3709116896.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000006.00000002.3721578647.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 0000000D.00000002.3721594709.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 00000005.00000002.3514402339.0000000002250000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen |
Source: 00000009.00000002.3677574811.0000000000F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: This is a third-party compiled AutoIt script. | 0_2_00A83B4C |
Source: Supplier Order Scan 0001293039493.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | |
Source: Supplier Order Scan 0001293039493.exe, 00000000.00000003.3473323845.00000000034F5000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_3e4ba94f-2 |
Source: Supplier Order Scan 0001293039493.exe, 00000000.00000003.3473323845.00000000034F5000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_a1677c21-8 |
Source: Supplier Order Scan 0001293039493.exe, 00000000.00000000.1603846107.0000000000B35000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_d43efb16-6 |
Source: Supplier Order Scan 0001293039493.exe, 00000000.00000000.1603846107.0000000000B35000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_0fe7a17c-3 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: This is a third-party compiled AutoIt script. | 5_2_00FA3B4C |
Source: name.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | |
Source: name.exe, 00000005.00000002.3513690920.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_7dc161a7-4 |
Source: name.exe, 00000005.00000002.3513690920.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_77879edf-f |
Source: name.exe, 00000009.00000002.3678156040.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_c22a57be-8 |
Source: name.exe, 00000009.00000002.3678156040.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_30f3de78-1 |
Source: name.exe, 0000000B.00000002.3708790104.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_4d78c692-2 |
Source: name.exe, 0000000B.00000002.3708790104.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_66268d37-7 |
Source: name.exe, 0000000D.00000002.3720422488.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_a6eb0b06-6 |
Source: name.exe, 0000000D.00000002.3720422488.0000000001055000.00000002.00000001.01000000.00000005.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_254577eb-3 |
Source: Supplier Order Scan 0001293039493.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_3165e733-4 |
Source: Supplier Order Scan 0001293039493.exe | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_16d69721-4 |
Source: name.exe.0.dr | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_df93a708-a |
Source: name.exe.0.dr | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_0b2d233c-1 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A8E800 | 0_2_00A8E800 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AADBB5 | 0_2_00AADBB5 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AB7006 | 0_2_00AB7006 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A8E060 | 0_2_00A8E060 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00B0804A | 0_2_00B0804A |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A93190 | 0_2_00A93190 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A9710E | 0_2_00A9710E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A94140 | 0_2_00A94140 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A81287 | 0_2_00A81287 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AAF419 | 0_2_00AAF419 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AB6522 | 0_2_00AB6522 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A95680 | 0_2_00A95680 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AA16C4 | 0_2_00AA16C4 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AB267E | 0_2_00AB267E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00B00665 | 0_2_00B00665 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A958C0 | 0_2_00A958C0 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AA78D3 | 0_2_00AA78D3 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A96843 | 0_2_00A96843 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AB89DF | 0_2_00AB89DF |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AB6A94 | 0_2_00AB6A94 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00B00AE2 | 0_2_00B00AE2 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A98A0E | 0_2_00A98A0E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00ADEB07 | 0_2_00ADEB07 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE8B13 | 0_2_00AE8B13 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AB9D05 | 0_2_00AB9D05 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AACD61 | 0_2_00AACD61 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A8FE40 | 0_2_00A8FE40 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AABFE6 | 0_2_00AABFE6 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00D53680 | 0_2_00D53680 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FAE800 | 5_2_00FAE800 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCDBB5 | 5_2_00FCDBB5 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FAE060 | 5_2_00FAE060 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0102804A | 5_2_0102804A |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB4140 | 5_2_00FB4140 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC2405 | 5_2_00FC2405 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FD6522 | 5_2_00FD6522 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FD267E | 5_2_00FD267E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01020665 | 5_2_01020665 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB6843 | 5_2_00FB6843 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC283A | 5_2_00FC283A |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FD89DF | 5_2_00FD89DF |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01008B13 | 5_2_01008B13 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FD6A94 | 5_2_00FD6A94 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB8A0E | 5_2_00FB8A0E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01020AE2 | 5_2_01020AE2 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FFEB07 | 5_2_00FFEB07 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCCD61 | 5_2_00FCCD61 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FD7006 | 5_2_00FD7006 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB3190 | 5_2_00FB3190 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB710E | 5_2_00FB710E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FA1287 | 5_2_00FA1287 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC33C7 | 5_2_00FC33C7 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCF419 | 5_2_00FCF419 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC16C4 | 5_2_00FC16C4 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB5680 | 5_2_00FB5680 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC78D3 | 5_2_00FC78D3 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FB58C0 | 5_2_00FB58C0 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC1BB8 | 5_2_00FC1BB8 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FD9D05 | 5_2_00FD9D05 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FAFE40 | 5_2_00FAFE40 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCBFE6 | 5_2_00FCBFE6 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC1FD0 | 5_2_00FC1FD0 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_02243680 | 5_2_02243680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00408C60 | 6_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0040DC11 | 6_2_0040DC11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00407C3F | 6_2_00407C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00418CCC | 6_2_00418CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00406CA0 | 6_2_00406CA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_004028B0 | 6_2_004028B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0041A4BE | 6_2_0041A4BE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00408C60 | 6_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00418244 | 6_2_00418244 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00401650 | 6_2_00401650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00402F20 | 6_2_00402F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_004193C4 | 6_2_004193C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00418788 | 6_2_00418788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00402F89 | 6_2_00402F89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00402B90 | 6_2_00402B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_004073A0 | 6_2_004073A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AECB38 | 6_2_02AECB38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AED750 | 6_2_02AED750 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AECE80 | 6_2_02AECE80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AE12CA | 6_2_02AE12CA |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AE0FD0 | 6_2_02AE0FD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AE1030 | 6_2_02AE1030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0634BE08 | 6_2_0634BE08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_063496F0 | 6_2_063496F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0634EED0 | 6_2_0634EED0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06346238 | 6_2_06346238 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06345A40 | 6_2_06345A40 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0634F5D0 | 6_2_0634F5D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06340006 | 6_2_06340006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06340040 | 6_2_06340040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06740620 | 6_2_06740620 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06745420 | 6_2_06745420 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0674A218 | 6_2_0674A218 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_067463B8 | 6_2_067463B8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06741710 | 6_2_06741710 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0674E168 | 6_2_0674E168 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06AD48D1 | 6_2_06AD48D1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06AD0040 | 6_2_06AD0040 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 9_2_00EF3680 | 9_2_00EF3680 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 11_2_03463680 | 11_2_03463680 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 13_2_00D63680 | 13_2_00D63680 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F7D750 | 14_2_02F7D750 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F7CB38 | 14_2_02F7CB38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F7CE80 | 14_2_02F7CE80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F70FD0 | 14_2_02F70FD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F71030 | 14_2_02F71030 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B79700 | 14_2_05B79700 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B7EEE0 | 14_2_05B7EEE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B7BE18 | 14_2_05B7BE18 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B75A50 | 14_2_05B75A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B76248 | 14_2_05B76248 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B7F5E0 | 14_2_05B7F5E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B7001E | 14_2_05B7001E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B70040 | 14_2_05B70040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_068EA738 | 14_2_068EA738 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_068E0740 | 14_2_068E0740 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_068E64D8 | 14_2_068E64D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_068E5540 | 14_2_068E5540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_068EE288 | 14_2_068EE288 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_068E1830 | 14_2_068E1830 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B79AA8 | 14_2_05B79AA8 |
Source: 6.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.3df5d90.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.5360000.6.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.52e0ee8.5.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.29b00f6.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.29b0fde.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.52e0ee8.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 13.2.name.exe.3b20000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.29b0fde.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.3df5d90.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 9.2.name.exe.f00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.29b00f6.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 11.2.name.exe.3470000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.52e0000.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 6.2.RegSvcs.exe.52e0000.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 5.2.name.exe.2250000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.5360000.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 0000000B.00000002.3709116896.0000000003470000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000006.00000002.3721578647.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 0000000D.00000002.3721594709.0000000003B20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 00000005.00000002.3514402339.0000000002250000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
Source: 00000009.00000002.3677574811.0000000000F00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: unknown | Process created: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe "C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe" | |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe" | |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe" | |
Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" | |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe" | |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe" | |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe" | |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe" | |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe" | |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe" | |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe" | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe" | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe" | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: vbscript.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AA8B85 push ecx; ret | 0_2_00AA8B98 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01008719 push FFFFFF8Bh; iretd | 5_2_0100871B |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCE94F push edi; ret | 5_2_00FCE951 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCEA68 push esi; ret | 5_2_00FCEA6A |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FC8B85 push ecx; ret | 5_2_00FC8B98 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCEC43 push esi; ret | 5_2_00FCEC45 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FCED2C push edi; ret | 5_2_00FCED2E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0041C40C push cs; iretd | 6_2_0041C4E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_00423149 push eax; ret | 6_2_00423179 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0041C50E push cs; iretd | 6_2_0041C4E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_004231C8 push eax; ret | 6_2_00423179 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0040E21D push ecx; ret | 6_2_0040E230 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0041C6BE push ebx; ret | 6_2_0041C6BF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0040BB97 push dword ptr [ecx-75h]; iretd | 6_2_0040BBA3 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_02AE434F push edx; iretd | 6_2_02AE4363 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_0634E138 pushad ; retf | 6_2_0634E139 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06AD56E8 push eax; retf | 6_2_06AD56E9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 6_2_06AD20F0 push es; ret | 6_2_06AD20F4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F7434F push edx; iretd | 14_2_02F74363 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_02F72997 push es; ret | 14_2_02F72998 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 14_2_05B7E148 pushad ; retf | 14_2_05B7E149 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00B055FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, | 0_2_00B055FD |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00A84A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, | 0_2_00A84A35 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_00FA4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, | 5_2_00FA4A35 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_010255FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, | 5_2_010255FD |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599860 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599655 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599540 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599434 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599219 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598891 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598782 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598657 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598532 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598422 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598313 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598188 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598063 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597938 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597813 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597698 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597469 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597355 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597227 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595722 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595552 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595327 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595204 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595078 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594967 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594826 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594676 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594547 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594422 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594313 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594188 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594077 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593968 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593858 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593735 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593625 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593515 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593406 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593296 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593186 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593078 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592969 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592750 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592637 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592522 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599452 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599124 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598468 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598359 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598250 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598140 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598031 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597920 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597812 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597703 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597593 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597484 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597375 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597265 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597156 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597046 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596937 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596817 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596468 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596359 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596250 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596140 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596030 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595909 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595125 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594578 | Jump to behavior |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE4696 GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_00AE4696 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_00AEF200 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_00AEF35D |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_00AEF65E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 0_2_00AEC9C7 |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEC93C FindFirstFileW,FindClose, | 0_2_00AEC93C |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_00AE3A2B |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AE3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_00AE3D4E |
Source: C:\Users\user\Desktop\Supplier Order Scan 0001293039493.exe | Code function: 0_2_00AEBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 0_2_00AEBF27 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01004696 GetFileAttributesW,FindFirstFileW,FindClose, | 5_2_01004696 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100C93C FindFirstFileW,FindClose, | 5_2_0100C93C |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, | 5_2_0100C9C7 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 5_2_0100F35D |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 5_2_0100F200 |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 5_2_0100F65E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01003A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 5_2_01003A2B |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_01003D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 5_2_01003D4E |
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 5_2_0100BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, | 5_2_0100BF27 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599860 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599655 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599540 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599434 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599328 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599219 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599109 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598891 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598782 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598657 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598532 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598422 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598313 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598188 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598063 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597938 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597813 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597698 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597469 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597355 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597227 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595722 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595552 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595437 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595327 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595204 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595078 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594967 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594826 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594676 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594547 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594422 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594313 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594188 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594077 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593968 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593858 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593735 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593625 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593515 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593406 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593296 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593186 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593078 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592969 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592859 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592750 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592637 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 592522 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599890 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599452 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599124 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598468 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598359 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598250 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598140 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598031 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597920 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597812 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597703 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597593 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597484 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597375 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597265 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597156 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597046 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596937 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596817 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596578 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596468 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596359 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596250 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596140 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596030 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595909 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595781 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595671 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595562 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595453 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595343 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595234 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595125 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595015 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594906 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594796 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594687 | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594578 | Jump to behavior |
Source: Yara match | File source: sslproxydump.pcap, type: PCAP |
Source: Yara match | File source: 6.2.RegSvcs.exe.3df5d90.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.5360000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0ee8.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b00f6.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b0fde.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0ee8.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b0fde.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.3df5d90.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b00f6.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.5360000.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000006.00000002.3724793852.0000000002E2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.4074056598.000000000304F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3724793852.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3724793852.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.4074056598.0000000003024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.4074056598.000000000305B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3726494091.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3723541613.0000000002970000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 5100, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 2024, type: MEMORYSTR |
Source: Yara match | File source: sslproxydump.pcap, type: PCAP |
Source: Yara match | File source: 6.2.RegSvcs.exe.3df5d90.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.5360000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0ee8.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b00f6.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b0fde.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0ee8.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b0fde.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.3df5d90.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.29b00f6.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.52e0000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.RegSvcs.exe.5360000.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000006.00000002.3724793852.0000000002E2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.4074056598.000000000304F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3724793852.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3724793852.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.4074056598.0000000003024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3727604621.0000000005360000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.4074056598.000000000305B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3727264751.00000000052E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3726494091.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.3723541613.0000000002970000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 5100, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 2024, type: MEMORYSTR |