Source: AcroRd32.exe | String found in binary or memory: file:/// |
Source: turla.exe | String found in binary or memory: file:///C:/Users/user/AppData/Roaming/Scr.js0 |
Source: turla.exe | String found in binary or memory: file:///C:/Users/user/AppData/Roaming/Scr.jsD |
Source: turla.exe | String found in binary or memory: file:///C:/Users/user/AppData/Roaming/Scr.jsV |
Source: turla.exe | String found in binary or memory: file:///C:/Users/user/Desktop/ |
Source: turla.exe | String found in binary or memory: file:///C:/Users/user/Desktop/turla.exev1.0 |
Source: turla.exe | String found in binary or memory: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/ |
Source: wscript.exe | String found in binary or memory: file:///C:/Windows/System32/cmd.exe |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424 |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/0 |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/07 |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/0Error |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/0Vector. |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/0file://AcrobatMedia009424/c/0file://AcrobatMedia009424/c/0 |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/0spark.components::Applicationspark.components.ApplicationError |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/c/0xi |
Source: AcroRd32.exe | String found in binary or memory: file://AcrobatMedia009424/d/0 |
Source: AcroRd32.exe | String found in binary or memory: http:// |
Source: AcroRd32.exe | String found in binary or memory: http://$( |
Source: AcroRd32.exe | String found in binary or memory: http://.acrocomcontent.com |
Source: AcroRd32.exe | String found in binary or memory: http://E |
Source: AcroRd32.exe | String found in binary or memory: http://cipa.jp/exif/1.0/ |
Source: AcroRd32.exe | String found in binary or memory: http://cipa.jp/exif/1.0/ul |
Source: AcroRd32.exe | String found in binary or memory: http://crl.geotrust.com/crls/gtglobal.crl04 |
Source: AcroRd32.exe | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: AcroRd32.exe | String found in binary or memory: http://evcs-aia.ws.symantec.com/evcs.cer0 |
Source: AcroRd32.exe | String found in binary or memory: http://evcs-crl.ws.symantec.com/evcs.crl0 |
Source: AcroRd32.exe | String found in binary or memory: http://evcs-ocsp.ws.symantec.com04 |
Source: AcroRd32.exe | String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/ |
Source: AcroRd32.exe | String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/PK |
Source: AcroRd32.exe | String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/ |
Source: AcroRd32.exe | String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/)K |
Source: AcroRd32.exe | String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/.K |
Source: AcroRd32.exe | String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/ |
Source: AcroRd32.exe | String found in binary or memory: http://ocsp.geotrust.com0K |
Source: AcroRd32.exe | String found in binary or memory: http://ocsp.thawte.com0 |
Source: AcroRd32.exe | String found in binary or memory: http://recentfiles |
Source: AcroRd32.exe, UserCache.bin.4.dr | String found in binary or memory: http://recentfiles. |
Source: AcroRd32.exe, UserCache.bin.4.dr | String found in binary or memory: http://recentfiles.com.adobe.acrobat.extensions.files_description |
Source: wscript.exe | String found in binary or memory: http://schemas.m |
Source: wscript.exe | String found in binary or memory: http://treso |
Source: wscript.exe | String found in binary or memory: http://tresor-rare.com.hk/wp-content/plugins/wordpress-seo/v= |
Source: AcroRd32.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: AcroRd32.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: AcroRd32.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: AcroRd32.exe | String found in binary or memory: http://w |
Source: AcroRd32.exe | String found in binary or memory: http://ww |
Source: AcroRd32.exe | String found in binary or memory: http://ww4 |
Source: AcroRd32.exe | String found in binary or memory: http://www |
Source: AcroRd32.exe | String found in binary or memory: http://www.ad |
Source: AcroRd32.exe | String found in binary or memory: http://www.adob |
Source: AcroRd32.exe | String found in binary or memory: http://www.adobl- |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/ |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/field# |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/id/ |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/property# |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/schema# |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#5K |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfa/ns/type# |
Source: AcroRd32.exe | String found in binary or memory: http://www.aiim.org/pdfe/ns/id/ |
Source: AcroRd32.exe | String found in binary or memory: http://www.dictionary.com/cgi-bin/dict.pl?term=$o8 |
Source: AcroRd32.exe | String found in binary or memory: http://www.geotrust.com/resources/cps0( |
Source: wscript.exe | String found in binary or memory: http://www.huluwa.uk/wp-content/plugin |
Source: wscript.exe | String found in binary or memory: http://www.huluwa.uk/wp-content/plugins/woocommerce/includes/class-wc-log.php |
Source: AcroRd32.exe | String found in binary or memory: http://www.macromedia.com |
Source: AcroRd32.exe | String found in binary or memory: http://www.macromedia.comfile://AcrobatMedia009424/c/0file://AcrobatMedia009424 |
Source: AcroRd32.exe | String found in binary or memory: http://www.npes.org/pdfx/ns/id/ |
Source: AcroRd32.exe | String found in binary or memory: http://www.symauth.com/cps0( |
Source: AcroRd32.exe | String found in binary or memory: http://www.symauth.com/cps09 |
Source: AcroRd32.exe | String found in binary or memory: http://www.symauth.com/rpa04 |
Source: AcroRd32.exe | String found in binary or memory: http://www.w3 |
Source: AcroRd32.exe | String found in binary or memory: http://www.w3z |
Source: AcroRd32.exe | String found in binary or memory: http://wwwf |
Source: AcroRd32.exe | String found in binary or memory: http://wwwi8 |
Source: AcroRd32.exe | String found in binary or memory: https:// |
Source: AcroRd32.exe | String found in binary or memory: https://.acrocomcontent.com |
Source: AcroRd32.exe | String found in binary or memory: https://QA |
Source: AcroRd32.exe | String found in binary or memory: https://WebServiceJob/com.adobe.acrobat.ADotCom/Resource/ |
Source: AcroRd32.exe | String found in binary or memory: https://WebServiceJob/com.adobe.acrobat.ADotCom/Resource/api |
Source: AcroRd32.exe | String found in binary or memory: https://WebServiceJob/com.adobe.acrobat.RFLMAP/Resource/ |
Source: AcroRd32.exe | String found in binary or memory: https://WebServiceJob/com.adobe.acrobat.RFLMAP/Resource/) |
Source: AcroRd32.exe | String found in binary or memory: https://idisk.mac.com/ |
Source: AcroRd32.exe | String found in binary or memory: https://ims-na1.adobelogin.com |
Source: AcroRd32.exe, ReaderMessages-journal.4.dr | String found in binary or memory: https://www.acro |
Source: AcroRd32.exe | String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/ |
Source: AcroRd32.exe | String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/broadcastMessage |
Source: AcroRd32.exe | String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/xehttps://www.macromedia.com/support/flashplayer/ |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c systeminfo > 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view /domain >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c tasklist /v >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c gpresult /z >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c netstat -nao >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ipconfig /all >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c arp -a >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net share >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c systeminfo > 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view /domain >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c tasklist /v >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c gpresult /z >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c netstat -nao >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ipconfig /all >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c arp -a >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net share >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Progid |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Progid |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ProgID |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd} |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_USERS\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: unknown | Process created: C:\Users\user\Desktop\turla.exe 'C:\Users\user\Desktop\turla.exe' |
Source: unknown | Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Scr.js' |
Source: unknown | Process created: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe 'C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe' 'C:\Users\user\AppData\Roaming\Save the Date G20 Digital Economy Taskforce 23 24 October.pdf' |
Source: unknown | Process created: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe 'C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe' --channel=3412.0.1190326145 --type=renderer 'C:\Users\user\AppData\Roaming\Save the Date G20 Digital Economy Taskforce 23 24 October.pdf' |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c systeminfo > 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\systeminfo.exe systeminfo |
Source: unknown | Process created: C:\Windows\System32\taskeng.exe taskeng.exe {1CB75A7D-1803-47C7-91DA-EA5266AAF4C1} S-1-5-21-312302014-279660585-3511680526-1004:computer\user:Interactive:[1] |
Source: unknown | Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe 'appidpolicyconverter.js' FileTypeXML gwVAj83JsiqTz5fG |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\net.exe net view |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view /domain >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\net.exe net view /domain |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c tasklist /v >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\tasklist.exe tasklist /v |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c gpresult /z >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\gpresult.exe gpresult /z |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c netstat -nao >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\NETSTAT.EXE netstat -nao |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c ipconfig /all >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\ipconfig.exe ipconfig /all |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c arp -a >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\ARP.EXE arp -a |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net share >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: unknown | Process created: C:\Windows\System32\net.exe net share |
Source: unknown | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 share |
Source: unknown | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net use >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Users\user\Desktop\turla.exe | Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Scr.js' |
Source: C:\Users\user\Desktop\turla.exe | Process created: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe 'C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe' 'C:\Users\user\AppData\Roaming\Save the Date G20 Digital Economy Taskforce 23 24 October.pdf' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net use >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: unknown unknown |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process created: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe 'C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe' --channel=3412.0.1190326145 --type=renderer 'C:\Users\user\AppData\Roaming\Save the Date G20 Digital Economy Taskforce 23 24 October.pdf' |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\systeminfo.exe systeminfo |
Source: C:\Windows\System32\taskeng.exe | Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe 'appidpolicyconverter.js' FileTypeXML gwVAj83JsiqTz5fG |
Source: C:\Windows\System32\taskeng.exe | Process created: unknown unknown |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net view |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net view /domain |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /v |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\gpresult.exe gpresult /z |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\NETSTAT.EXE netstat -nao |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ipconfig.exe ipconfig /all |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ARP.EXE arp -a |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\net.exe net share |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 share |
Source: C:\Windows\System32\cmd.exe | Process created: unknown unknown |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712A10 NtOpenKey, | 4_2_00712A10 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_007129D0 NtCreateKey, | 4_2_007129D0 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712AD0 NtCreateMutant, | 4_2_00712AD0 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712B90 NtDeleteValueKey, | 4_2_00712B90 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712B10 NtCreateSection, | 4_2_00712B10 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712E90 NtMapViewOfSection, | 4_2_00712E90 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712850 NtOpenFile, | 4_2_00712850 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712890 NtQueryAttributesFile, | 4_2_00712890 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712B50 NtOpenSection, | 4_2_00712B50 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712A50 NtOpenKeyEx, | 4_2_00712A50 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712800 NtCreateFile, | 4_2_00712800 |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: 4_2_00712910 NtSetInformationFile, | 4_2_00712910 |
Source: C:\Users\user\Desktop\turla.exe | Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Scr.js' |
Source: C:\Users\user\Desktop\turla.exe | Process created: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe 'C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe' 'C:\Users\user\AppData\Roaming\Save the Date G20 Digital Economy Taskforce 23 24 October.pdf' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c systeminfo > 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c net view /domain >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\cmd.exe 'C:\Windows\System32\cmd.exe' /c tasklist /v >> 'C:\Users\user\AppData\Roaming\Microsoft\Protect\~~.tmp' |
Source: C:\Users\user\Desktop\turla.exe TID: 3368 | Thread sleep time: -922337203685477s >= -60000s |
Source: C:\Windows\System32\wscript.exe TID: 3484 | Thread sleep time: -60000s >= -60000s |
Source: C:\Windows\System32\systeminfo.exe TID: 3604 | Thread sleep time: -120000s >= -60000s |
Source: C:\Windows\System32\systeminfo.exe TID: 3604 | Thread sleep time: -60000s >= -60000s |
Source: C:\Windows\System32\wscript.exe TID: 3952 | Thread sleep time: -180000s >= -60000s |
Source: C:\Windows\System32\wscript.exe TID: 3952 | Thread sleep time: -60000s >= -60000s |
Source: C:\Windows\System32\tasklist.exe TID: 4076 | Thread sleep time: -180000s >= -60000s |
Source: C:\Windows\System32\tasklist.exe TID: 4076 | Thread sleep time: -60000s >= -60000s |
Source: C:\Windows\System32\gpresult.exe TID: 2216 | Thread sleep count: 34 > 30 |
Source: C:\Windows\System32\gpresult.exe TID: 2216 | Thread sleep time: -2040000s >= -60000s |
Source: C:\Windows\System32\ipconfig.exe TID: 2512 | Thread sleep time: -120000s >= -60000s |
Source: C:\Windows\System32\ipconfig.exe TID: 2512 | Thread sleep time: -60000s >= -60000s |
Source: C:\Users\user\Desktop\turla.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\taskeng.exe | Process information set: NOOPENFILEERRORBOX |