Analysis
-
max time kernel
152s -
max time network
137s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
05-02-2022 10:16
General
-
Target
DHL INTERNATIONAL GMBH.exe
-
Size
798KB
-
MD5
cb46aab04048194cea26e4ddedd3f10e
-
SHA1
39ec5673efcfb1633cc5d96e115918ecdf317eca
-
SHA256
6bd0bafbf71604a763081677bfa46355b40bc53d66fd70d46ce65b9232a273e5
-
SHA512
a634679620d308add87d9bcf4ae56cf718baab8855afc4ff0aa7a4efe346d80dc94b466d9287499d8905beb3edfd958fe1ce7dfdf3f1a69df826ca17072f5a95
Score
10/10
Malware Config
Extracted
Family
hawkeye_reborn
Version
10.1.2.2
Credentials
Protocol: smtp- Host:
mail.bigmanstan.com - Port:
587 - Username:
[email protected] - Password:
@wealth$2020
Mutex
0328d550-8862-4359-a227-677f0e33ae61
Attributes
-
fields
map[_AntiDebugger:false _AntiVirusKiller:false _BotKiller:false _ClipboardLogger:true _Delivery:0 _DisableCommandPrompt:false _DisableRegEdit:false _DisableTaskManager:false _Disablers:false _EmailPassword:@wealth$2020 _EmailPort:587 _EmailSSL:false _EmailServer:mail.bigmanstan.com _EmailUsername:[email protected] _ExecutionDelay:10 _FTPPort:0 _FTPSFTP:false _FakeMessageIcon:0 _FakeMessageShow:false _FileBinder:false _HideFile:false _HistoryCleaner:false _Install:false _InstallLocation:0 _InstallStartup:false _InstallStartupPersistance:false _KeyStrokeLogger:false _LogInterval:10 _MeltFile:false _Mutex:0328d550-8862-4359-a227-677f0e33ae61 _PasswordStealer:true _ProcessElevation:false _ProcessProtection:false _ScreenshotLogger:false _SystemInfo:false _Version:10.1.2.2 _WebCamLogger:false _WebsiteBlocker:false _WebsiteVisitor:false _WebsiteVisitorVisible:false _ZoneID:false]
-
name
HawkEye Keylogger - RebornX, Version=10.1.2.2, Culture=neutral, PublicKeyToken=null
Signatures
-
HawkEye Reborn
HawkEye Reborn is an enhanced version of the HawkEye malware kit.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload 3 IoCs
Detects M00nD3v Logger payload in memory.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 64 IoCs
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 64 IoCs
-
Suspicious behavior: SetClipboardViewer 56 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 33⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 34⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 35⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"5⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"5⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 36⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"6⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"6⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 37⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"7⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"7⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 38⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"8⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"8⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"8⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 39⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"9⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"9⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 310⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"10⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"10⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 311⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"11⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"11⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"11⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 312⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"12⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"12⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 313⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"13⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"13⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 314⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"13⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"14⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"14⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 315⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"14⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"15⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"15⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 316⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"15⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"16⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"16⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 317⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"17⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"17⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 318⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"17⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"18⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"18⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"18⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 319⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"18⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"19⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"19⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 320⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"19⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"20⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"20⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 321⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"20⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"21⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"21⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 322⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"21⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"22⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"22⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 323⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"22⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"23⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"23⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 324⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"23⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"24⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"24⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 325⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"24⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"25⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"25⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 326⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"25⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"26⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"26⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"26⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 327⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"26⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"27⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"27⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 328⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"27⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"28⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"28⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 329⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"28⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"29⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"29⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 330⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"29⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"30⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"30⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"30⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 331⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"30⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"31⤵
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"31⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 332⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"31⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"32⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"32⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 333⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"32⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"33⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"33⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 334⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"33⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"34⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"34⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 335⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"34⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"35⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"35⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 336⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"35⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"36⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"36⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 337⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"36⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"37⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"37⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"37⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 338⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"37⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"38⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"38⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 339⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"38⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"39⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"39⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 340⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"39⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"40⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"40⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 341⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"40⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"41⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"41⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 342⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"41⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"42⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"42⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 343⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"42⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"43⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"43⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 344⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"43⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"44⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"44⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 345⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"44⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"45⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"45⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 346⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"45⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"46⤵
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"46⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 347⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"46⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"47⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"47⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 348⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"47⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"48⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"48⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 349⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"48⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"49⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"49⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 350⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"49⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"50⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"50⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 351⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"50⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"51⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"51⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 352⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"51⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"52⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"52⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 353⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"52⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"53⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"53⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 354⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"53⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"54⤵
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"54⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 355⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"54⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"55⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"55⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 356⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"55⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"56⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"56⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 357⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"56⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"57⤵
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"57⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 358⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"57⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"58⤵
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"58⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 359⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"58⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"59⤵
- Suspicious behavior: SetClipboardViewer
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"59⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 360⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"59⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"60⤵
- Accesses Microsoft Outlook profiles
- outlook_office_path
- outlook_win_path
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"60⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 361⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"60⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"61⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"61⤵
- Accesses Microsoft Outlook profiles
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"61⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 362⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"61⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"62⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"62⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 363⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"62⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"63⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"63⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 364⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"63⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"64⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"64⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 365⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"64⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"65⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"65⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 366⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"65⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"66⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"66⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 367⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"66⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"67⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 368⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"67⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"67⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"67⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"68⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"68⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 369⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"68⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"69⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"69⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 370⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"69⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"70⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"70⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 371⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"70⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"71⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"71⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 372⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"71⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"72⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"72⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 373⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"72⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"73⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"73⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 374⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"73⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"74⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"74⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 375⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"74⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"75⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"75⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 376⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"75⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"76⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"76⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 377⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"76⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"77⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"77⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 378⤵
-
C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"C:\Users\Admin\AppData\Local\Temp\DHL INTERNATIONAL GMBH.exe"77⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"78⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
320KB
-
Filesize
320KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
448KB
-
Filesize
824KB
-
Filesize
608KB
-
Filesize
576KB
-
Filesize
24KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
33.1MB
-
Filesize
33.1MB
-
Filesize
192KB
-
Filesize
324KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
320KB
-
Filesize
964KB
-
Filesize
192KB
-
Filesize
12KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
324KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
580KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
320KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
192KB
-
Filesize
320KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
896KB
-
Filesize
2.4MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
33.3MB
-
Filesize
192KB
-
Filesize
4KB
-
Filesize
1.3MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
192KB