Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0022DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_0022DBBE |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_002368EE FindFirstFileW,FindClose, |
0_2_002368EE |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0023698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_0023698F |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0022D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0022D076 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0022D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0022D3A9 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00239642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00239642 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0023979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0023979D |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00239B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00239B2B |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00235C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00235C97 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
5_2_001EDBBE |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F68EE FindFirstFileW,FindClose, |
5_2_001F68EE |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
5_2_001F698F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
5_2_001ED076 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
5_2_001ED3A9 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_001F9642 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_001F979D |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
5_2_001F9B2B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F5C97 FindFirstFileW,FindNextFileW,FindClose, |
5_2_001F5C97 |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003170000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003148000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003163000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.000000000319D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000360D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003516000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.com |
Source: RegSvcs.exe, 00000006.00000002.4201582089.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003170000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.000000000317E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003148000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003163000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.000000000319D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000360D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003516000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003559000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003504000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035DF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003001000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003459000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: RegSvcs.exe, 00000006.00000002.4200956918.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4203176239.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.org/q |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003170000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030CD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003148000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003163000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.000000000319D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000360D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000352E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000006.00000002.4201582089.000000000319D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://reallyfreegeoip.orgX |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003001000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003459000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: RegSvcs.exe, 00000006.00000002.4201582089.00000000031BA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000361B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://scratchdreams.tk |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003170000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003148000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003163000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.000000000319D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000360D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003516000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003559000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org |
Source: RegSvcs.exe, 00000006.00000002.4200956918.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4203176239.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003516000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: RegSvcs.exe, 00000009.00000002.4201350059.00000000035B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/81.181.54.104 |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003170000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000030F8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003148000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000031AC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.0000000003163000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.000000000319D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035D2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000360D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003559000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035C4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035FF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035A9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.00000000035B7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://reallyfreegeoip.org/xml/81.181.54.104$ |
Source: RegSvcs.exe, 00000006.00000002.4201582089.0000000003001000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000006.00000002.4201582089.00000000031BA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.0000000003459000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000361B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk |
Source: RegSvcs.exe, 00000006.00000002.4201582089.00000000031BA000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.4201350059.000000000361B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://scratchdreams.tk/_send_.php?TS |
Source: 8.2.name.exe.3440000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 5.2.name.exe.1590000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000005.00000002.3560592156.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: 00000006.00000002.4200956918.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000006.00000002.4200956918.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000009.00000002.4203176239.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000009.00000002.4203176239.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: 00000008.00000002.3718438860.0000000003440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects RedLine infostealer Author: ditekSHen |
Source: Process Memory Space: RegSvcs.exe PID: 5236, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegSvcs.exe PID: 5236, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: Process Memory Space: RegSvcs.exe PID: 4416, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: RegSvcs.exe PID: 4416, type: MEMORYSTR |
Matched rule: Detects Snake Keylogger Author: ditekSHen |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001CBF40 |
0_2_001CBF40 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00232046 |
0_2_00232046 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001C8060 |
0_2_001C8060 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00228298 |
0_2_00228298 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001FE4FF |
0_2_001FE4FF |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001F676B |
0_2_001F676B |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00254873 |
0_2_00254873 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001ECAA0 |
0_2_001ECAA0 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001CCAF0 |
0_2_001CCAF0 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001DCC39 |
0_2_001DCC39 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001F6DD9 |
0_2_001F6DD9 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001DB119 |
0_2_001DB119 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001C91C0 |
0_2_001C91C0 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E1394 |
0_2_001E1394 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E1706 |
0_2_001E1706 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E781B |
0_2_001E781B |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001C7920 |
0_2_001C7920 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001D997D |
0_2_001D997D |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E19B0 |
0_2_001E19B0 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E7A4A |
0_2_001E7A4A |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E1C77 |
0_2_001E1C77 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E7CA7 |
0_2_001E7CA7 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0024BE44 |
0_2_0024BE44 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001F9EEE |
0_2_001F9EEE |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_001E1F32 |
0_2_001E1F32 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_011936F0 |
0_2_011936F0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_0018BF40 |
5_2_0018BF40 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F2046 |
5_2_001F2046 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_00188060 |
5_2_00188060 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001E8298 |
5_2_001E8298 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001BE4FF |
5_2_001BE4FF |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001B676B |
5_2_001B676B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_00214873 |
5_2_00214873 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001ACAA0 |
5_2_001ACAA0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_0018CAF0 |
5_2_0018CAF0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_0019CC39 |
5_2_0019CC39 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001B6DD9 |
5_2_001B6DD9 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_0019B119 |
5_2_0019B119 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001891C0 |
5_2_001891C0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A1394 |
5_2_001A1394 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A1706 |
5_2_001A1706 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A781B |
5_2_001A781B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_00187920 |
5_2_00187920 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_0019997D |
5_2_0019997D |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A19B0 |
5_2_001A19B0 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A7A4A |
5_2_001A7A4A |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A1C77 |
5_2_001A1C77 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A7CA7 |
5_2_001A7CA7 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_0020BE44 |
5_2_0020BE44 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001B9EEE |
5_2_001B9EEE |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001A1F32 |
5_2_001A1F32 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_015836F0 |
5_2_015836F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00408C60 |
6_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_0040DC11 |
6_2_0040DC11 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00407C3F |
6_2_00407C3F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00418CCC |
6_2_00418CCC |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00406CA0 |
6_2_00406CA0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_004028B0 |
6_2_004028B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_0041A4BE |
6_2_0041A4BE |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00408C60 |
6_2_00408C60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00418244 |
6_2_00418244 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00402F20 |
6_2_00402F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_004193C4 |
6_2_004193C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00418788 |
6_2_00418788 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00402F89 |
6_2_00402F89 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_00402B90 |
6_2_00402B90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_004073A0 |
6_2_004073A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02A912B0 |
6_2_02A912B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02A912C0 |
6_2_02A912C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02A91560 |
6_2_02A91560 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02A91550 |
6_2_02A91550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4AAF0 |
6_2_02F4AAF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4A220 |
6_2_02F4A220 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F48370 |
6_2_02F48370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F44B38 |
6_2_02F44B38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F430F0 |
6_2_02F430F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4B0D0 |
6_2_02F4B0D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4A800 |
6_2_02F4A800 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F49ED0 |
6_2_02F49ED0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4ADE0 |
6_2_02F4ADE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4A510 |
6_2_02F4A510 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4AAE0 |
6_2_02F4AAE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4A210 |
6_2_02F4A210 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F42372 |
6_2_02F42372 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F430E1 |
6_2_02F430E1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4B0C1 |
6_2_02F4B0C1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4C970 |
6_2_02F4C970 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4C95F |
6_2_02F4C95F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4A7F0 |
6_2_02F4A7F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F49F20 |
6_2_02F49F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4ADD0 |
6_2_02F4ADD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4A500 |
6_2_02F4A500 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 6_2_02F4D5DC |
6_2_02F4D5DC |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 8_2_034336F0 |
8_2_034336F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_00401650 |
9_2_00401650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_02F612C0 |
9_2_02F612C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_02F612B0 |
9_2_02F612B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_02F61560 |
9_2_02F61560 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_02F61550 |
9_2_02F61550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597ADE0 |
9_2_0597ADE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597A510 |
9_2_0597A510 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_05979ED0 |
9_2_05979ED0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597B0D0 |
9_2_0597B0D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_059730F0 |
9_2_059730F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597A800 |
9_2_0597A800 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_05974B38 |
9_2_05974B38 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_05978370 |
9_2_05978370 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_059752B0 |
9_2_059752B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597AAF0 |
9_2_0597AAF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597A220 |
9_2_0597A220 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597ADD0 |
9_2_0597ADD0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597A500 |
9_2_0597A500 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597A7F0 |
9_2_0597A7F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_05979F20 |
9_2_05979F20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597B0C0 |
9_2_0597B0C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_059730E2 |
9_2_059730E2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_05972372 |
9_2_05972372 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597AAE0 |
9_2_0597AAE0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 9_2_0597A210 |
9_2_0597A210 |
Source: 8.2.name.exe.3440000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 5.2.name.exe.1590000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.RegSvcs.exe.2b0503e.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.3370000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.3370ee8.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.RegSvcs.exe.2ed0000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.RegSvcs.exe.2b0503e.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.RegSvcs.exe.2b05f26.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.4429390.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.4429390.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.43f5570.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.3370000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.3370ee8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.43f5570.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.43f6458.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.RegSvcs.exe.2ed0000.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 6.2.RegSvcs.exe.2b05f26.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 9.2.RegSvcs.exe.43f6458.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000005.00000002.3560592156.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: 00000006.00000002.4200956918.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000006.00000002.4200956918.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000009.00000002.4203176239.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000009.00000002.4203176239.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000009.00000002.4201171700.0000000003370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000006.00000002.4201397576.0000000002ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: 00000008.00000002.3718438860.0000000003440000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
Source: Process Memory Space: RegSvcs.exe PID: 5236, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegSvcs.exe PID: 5236, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: Process Memory Space: RegSvcs.exe PID: 4416, type: MEMORYSTR |
Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: RegSvcs.exe PID: 4416, type: MEMORYSTR |
Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: vbscript.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mlang.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\wscript.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599858 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599750 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599641 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599532 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599407 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599282 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599157 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599032 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598907 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598688 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598563 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598438 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597969 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597844 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597709 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597008 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596469 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596350 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596016 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595891 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595652 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595543 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595422 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595203 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595094 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594981 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594874 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594547 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594437 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594319 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594203 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594094 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593361 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593216 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 590720 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 590366 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599891 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599547 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599438 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598969 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598844 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598734 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598625 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598516 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598406 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598297 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598063 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597953 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597844 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597719 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597609 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597500 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597391 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597281 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597172 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597063 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596719 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596594 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596484 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596375 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596266 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596156 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596047 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595813 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595594 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595469 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595358 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594922 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594813 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594688 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594469 |
Jump to behavior |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0022DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_0022DBBE |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_002368EE FindFirstFileW,FindClose, |
0_2_002368EE |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0023698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
0_2_0023698F |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0022D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0022D076 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0022D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_0022D3A9 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00239642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00239642 |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_0023979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_0023979D |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00239B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00239B2B |
Source: C:\Users\user\Desktop\7Ql51TchBG.exe |
Code function: 0_2_00235C97 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00235C97 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, |
5_2_001EDBBE |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F68EE FindFirstFileW,FindClose, |
5_2_001F68EE |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, |
5_2_001F698F |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
5_2_001ED076 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
5_2_001ED3A9 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_001F9642 |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
5_2_001F979D |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, |
5_2_001F9B2B |
Source: C:\Users\user\AppData\Local\directory\name.exe |
Code function: 5_2_001F5C97 FindFirstFileW,FindNextFileW,FindClose, |
5_2_001F5C97 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599858 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599750 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599641 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599532 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599407 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599282 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599157 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599032 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598907 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598797 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598688 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598563 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598438 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597969 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597844 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597709 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597008 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596469 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596350 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596234 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596125 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596016 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595891 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595652 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595543 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595422 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595203 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595094 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594981 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594874 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594547 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594437 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594319 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594203 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594094 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593985 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593860 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593735 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593610 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593485 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593361 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 593216 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 590720 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 590366 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 600000 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599891 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599766 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599656 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599547 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599438 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599313 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 599078 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598969 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598844 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598734 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598625 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598516 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598406 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598297 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598188 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 598063 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597953 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597844 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597719 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597609 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597500 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597391 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597281 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597172 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 597063 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596828 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596719 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596594 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596484 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596375 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596266 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596156 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 596047 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595938 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595813 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595703 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595594 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595469 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595358 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595250 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595140 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 595031 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594922 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594813 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594688 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594578 |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Thread delayed: delay time: 594469 |
Jump to behavior |