
Internet Provider seen in connection with other malware
Found strings which match to known social media urls
IP address seen in connection with other malware
Process created: C:\Windows\System32\nslookup.exe nslookup myip.op resolver1.

Multi AV Scanner detection for submitted file
Antivirus or Machine Learning detection for unpacked file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for domain / URL
com/wp-content/uploads/2019/10/data.exe
Antivirus or Machine Learning detection for dropped file
Antivirus or Machine Learning detection for sample
Avira: detection malicious, Label: VBA/Dldr.Agent.yyeyv

Report size getting too big, too many NtSetInformationFile calls found.

Deobfuscate/Decode Files or Information 1
Exfiltration Over Command and Control Channel.

Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing behavior information.

Execution Graph export aborted for target powershell.exe, PID 3220 because it is empty.
Execution Graph export aborted for target RuntimeBroker.exe, PID 4792 because it is empty.
Execution Graph export aborted for target RuntimeBroker.exe, PID 3652 because it is empty.
Execution Graph export aborted for target RuntimeBroker.exe, PID 3412 because it is empty.
Execution Graph export aborted for target RuntimeBroker.exe, PID 2972 because it is empty.

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe.

Found Word or Excel or PowerPoint or XPS Viewer.

